
Researchers Use Machines To Analyze Malware

Zonk posted more than 8 years ago | from the bugs-under-glass dept.

Krishna Dagli writes to mention a Register article about a mechanical process for analyzing malware. Using an automated system, researchers are able to more accurately classify the often randomly-named bots and viruses that plague us. From the article: "The researchers modeled a piece of malicious software as the series of actions that the software takes at the operating system level. Referred to as 'events' in a paper written by Lee and anti-malware program team manager Jigar Mody, the actions can include data copying, changing registry keys and opening network connections. The researchers then trained a recognition engine using an adaptive clustering algorithm - similar to self-organising maps - and classified a previously unseen subset of malware using the trained system. Using more clusters typically resulted in better classification. When the software samples were classified based on 100 events, accuracy fell below 80 per cent, while classification based on 500 and 1,000 events typically has accuracy rates above 90 per cent."
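The classification method the summary describes, as an added illustration rather than the researchers' code or data: each sample is the sequence of OS-level events it produced, turned into a normalised bag of event bigrams; a nearest-centroid classifier stands in for the adaptive clustering engine the paper used; the event types, family names, and traces are constructed for the example, and the final loop shows how accuracy changes with the number of events observed, the trend the summary reports.

```python
"""Added illustration (not the paper's code): model each sample as a sequence
of OS-level events, featurise it as normalised event-bigram counts, train
per-family centroids on labelled traces, then classify unseen traces and
measure accuracy as a function of how many events were observed."""
import random
from collections import Counter

# Constructed behaviour profiles: each hypothetical family is a weighted
# distribution over hypothetical event types. Not taken from the paper.
FAMILIES = {
    "downloader": {"net_connect": 5, "file_write": 3, "proc_create": 2, "reg_set_run": 1},
    "spyware":    {"reg_set_run": 3, "file_read": 4, "net_connect": 2, "hook_install": 3},
    "worm":       {"net_connect": 6, "file_copy": 4, "proc_create": 1},
}


def synth_trace(family, n_events, rng):
    """Draw a constructed event trace of length n_events for one family."""
    events, weights = zip(*FAMILIES[family].items())
    return rng.choices(events, weights=weights, k=n_events)


def featurize(trace):
    """Bigram counts normalised to unit L1 so traces of different length compare."""
    counts = Counter(zip(trace, trace[1:]))
    total = sum(counts.values()) or 1
    return {k: v / total for k, v in counts.items()}


def distance(a, b):
    """L1 distance between two sparse feature vectors."""
    return sum(abs(a.get(k, 0.0) - b.get(k, 0.0)) for k in set(a) | set(b))


def train_centroids(samples):
    """samples: list of (family, trace). Returns family -> mean feature vector."""
    sums, counts = {}, Counter()
    for fam, trace in samples:
        cen = sums.setdefault(fam, {})
        for k, v in featurize(trace).items():
            cen[k] = cen.get(k, 0.0) + v
        counts[fam] += 1
    return {fam: {k: v / counts[fam] for k, v in cen.items()} for fam, cen in sums.items()}


def classify(centroids, trace):
    """Assign an unseen trace to the family whose centroid is nearest."""
    vec = featurize(trace)
    return min(centroids, key=lambda fam: distance(centroids[fam], vec))


def accuracy_for(n_events, n_train=30, n_test=30, seed=1):
    """Train on n_train traces per family, test on n_test unseen ones."""
    rng = random.Random(seed)
    fams = list(FAMILIES)
    train = [(f, synth_trace(f, n_events, rng)) for f in fams for _ in range(n_train)]
    test = [(f, synth_trace(f, n_events, rng)) for f in fams for _ in range(n_test)]
    centroids = train_centroids(train)
    correct = sum(classify(centroids, t) == f for f, t in test)
    return correct / len(test)


def demo(event_counts=(5, 20, 100, 500, 1000)):
    """Accuracy per trace length: longer traces pin down the family better."""
    return {n: accuracy_for(n) for n in event_counts}


if __name__ == "__main__":
    for n, acc in demo().items():
        print(f"{n:5d} events -> accuracy {acc:.2f}")
```

Short traces give sparse bigram vectors that sit between centroids, so the low end of the table is where misclassifications cluster; that is the same effect the summary reports when 100 events did worse than 500 or 1,000.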

55 comments

first ? (0, Offtopic)

fire4ever (630478) | more than 8 years ago | (#15512409)

This is first ?

public service announcement (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15512502)

pederasts are gay.

(by definition)

The future is now (4, Insightful)

Umbral Blot (737704) | more than 8 years ago | (#15512410)

Obviously solutions like this will be the way of the future, combined with a finer grained permission system. I just hope you can manually exempt programs. For example bittorrent opens a lot of network connections, and copies a lot of data around; I could see a tool such as this reasonably coming to the conclusion that it was malware. I am also curious if their system could defeat a rootkit, which will do its best to hide its activity and existence almost completely from the system.

Re:The future is now (0)

Anonymous Coward | more than 8 years ago | (#15512466)

It would seem to me that malware has to report to some IP address on the internet.
Why can't that IP be traced and the recipient of the information sued?

What is the purpose of malware?
If not viral, it must report to some IP that is traceable.
For example, I get some malware, open my router's packet log, and see its communication with some IP.
Why can't I just sue the owner of that IP?
I'm not a lawyer, but I don't see why people don't do that; certainly the communication can be traced.

Re:The future is now (4, Insightful)

bmo (77928) | more than 8 years ago | (#15512487)

"Why cant I just sue the owner of that IP?"

Because the owner of the IP is not always the originator of the malware, but a victimized third party? Ya think? Haven't you ever looked at your phishing spam URLs?

Only a seriously stupid criminal would illegally collect information at a machine that he owns himself.

That said, the prisons are not full of geniuses.

--
BMO

Re:The future is now (2, Funny)

ciroknight (601098) | more than 8 years ago | (#15512486)

New classification system eh? Sounds good to me...

"Pandavirus/2006Tokyo is in Domain Malware, Kingdom Microsoft, Phylum Spyus Maximus, Class Claria, Order Adicus Wearicus, Family Panda."

Re:The future is now (1)

Zeinfeld (263942) | more than 8 years ago | (#15512944)

Obviously solutions like this will be the way of the future

Mechanical? Why mechanical? I thought we had left the Babbage era approach behind when they invented the transistor.

What's wrong with electricity?

Re:The future is now (1)

TCM (130219) | more than 8 years ago | (#15513031)

I just hope you can manually exempt programs.


"Attention! Program X requires blah bla blah. To do that blah blah blah. Do you really want to blah blah blah?"

*90% of users click yes* There, malware exempted. Those people who get malware[1] in the first place won't be helped by this at all.

[1] The open-this-attachment-to-get-owned type, not the Windows-is-a-piece-of-shit-automatically-owned type.

The past is our future. (2, Interesting)

TeamSPAM (166583) | more than 8 years ago | (#15513365)

Back in the days when Macs had viruses (yes, they do exist or existed), I was using a program called Gatekeeper [utexas.edu]. Instead of knowing about certain viruses, it monitored system activity and alerted you when virus-type activity was happening. You, the user, would either deny or grant the action.

So given my experience with GateKeeper, the ideas of this malware detection seem obvious. Why did it take this long to apply these ideas to Windows malware? Is the problem commercial anti-virus software? They prefer you to keep paying for updates, instead of shutting down potential malware until the software knows about it?

Re:The future is now (1)

swillden (191260) | more than 8 years ago | (#15517198)

For example bittorrent opens a lot of network connections, and copies a lot of data around; I could see a tool such as this reasonably coming to the conclusion that it was malware.

The RIAA and MPAA would agree with that conclusion.

Advantages? (4, Insightful)

bsdluvr (932942) | more than 8 years ago | (#15512412)

Does this new classification method really have any advantages for the average user? I'm sure most people just want to keep their systems malware-free, and could care less about the names of the individual threats.

Re:Advantages? (3, Insightful)

Aneurysm (680045) | more than 8 years ago | (#15512420)

If you can group malware threats together it may be easier/quicker to come up with methods to remove them. Common system actions probably means common steps to get rid of the malware. Also, having a database of actions that a piece of malware takes when infecting a system could help identify an infection sooner. If you had an anti-malware package running on your computer and intercepting reg key changes, directory creations etc. before they happened, it could step in to alert the user and eradicate the threat before it had even finished installing itself. Admittedly many people wouldn't want an anti-malware system constantly monitoring every API access, but if it was made transparent this is the sort of thing that would greatly benefit the less technically minded user.

One-sentence summary (1)

cp.tar (871488) | more than 8 years ago | (#15512456)

So, basically, we'll have another anti-virus-like program monitoring our systems.

Yay for the multi-core CPUs!

Re:One-sentence summary (3, Insightful)

ozmanjusri (601766) | more than 8 years ago | (#15512481)

So, basically, we'll have another anti-virus-like program monitoring our systems.

That's the most attractive option for the big malware prevention/removal companies, and is the most likely scenario in the near future.

The opportunity this type of forensic analysis creates though, is that it exposes and classifies the methods the malware uses to insinuate itself into the host operating system. That means OS vendors can analyse the failure points of their products and harden them against the malware. At the moment, the two key problems with malware removal are

1. Recognising its presence
2. Removing the malware and returning the computer to a safe state
If you minimise the number of places where programs can start at boot time and make any auto-starting program clearly visible and easily removable, for example, you will have made it easier for users to block or remove an infection and have reduced the motive for crackers to write the malware in the first place.

It's also an example of why an OS vendor who also sells malware tools has such a dangerous conflict of interests.

Re:One-sentence summary (2, Insightful)

cp.tar (871488) | more than 8 years ago | (#15513037)

The point is, however, that malware mostly (ab)uses perfectly legal system instructions.

Therefore, whatever it is that will be running in people's backgrounds, it will have to have a heuristic algorithm and monitor every single system activity.

To abuse the good old car analogy, it's as if more and more safety measures were introduced in cars instead of teaching people to drive safely.
Wait, where was I going with that one?

Anyway, I do not want (at the times when I'm using Windows) another program which will protect me some of the time and hog resources all of the time.

But to discuss one of your points:

If you minimise the number of places where programs can start at boot time and make any auto-starting program clearly visible and easily removable, for example, you will have made it easier for users to block or remove an infection and have reduced the motive for crackers to write the malware in the first place.
Now, that I can't really agree with.

People mostly do not write malware as a programming exercise or 'because they can'.
The romantic days of great hackers seem to be long past.
The reason people do write malware is, as /. meme goes, 4) Profit!!!1one
You may make it more difficult, but as long as the motive is plain and simple profit, the motive will remain.

Re:One-sentence summary (1)

ozmanjusri (601766) | more than 8 years ago | (#15514868)

The point is, however, that malware mostly (ab)uses perfectly legal system instructions.

Yes, that IS the point. And what that means is that by analysing which of those system instructions are being abused and how, you can redesign the system to resist the attacks better. In Windows, for example, the \HKLM\...\Run: registry entries, WINDOWS\Prefetch, etc. are the most common points for malware to hook into to ensure they are loaded at startup. Make it easier to protect and clean those areas and you'll eliminate a whole class of malware.

The reason people do write malware is, as /. meme goes, 4) Profit!!!1one
You may make it more difficult, but as long as the motive is plain and simple profit, the motive will remain.

Yep absolutely, but the point I was making was that most of the profit requires the malware to remain on the victims' computers for a significant period. If OS vendors make their products easy to clean, there's less profit, and therefore less motive.

Re:One-sentence summary (1)

cp.tar (871488) | more than 8 years ago | (#15515450)

If OS vendors make their products easy to clean, there's less profit, and therefore less motive.

Not exactly.

As in medicine, a bit of prevention is worth more than a... megabyte of repair.

If OS vendors make their products more difficult to infect, now there we may see some improvement... for users, it seems, are not getting educated any better.

Re:One-sentence summary (3, Interesting)

jacksonj04 (800021) | more than 8 years ago | (#15512489)

Is it worth having a core just to do background tasks like this?

Since multicore systems are starting to take off, perhaps there should be a method for applications to flag themselves as 'supporting', and then have a separate lower-power core dedicated to 'supporting' applications such as AV, system monitors etc?

Re:One-sentence summary (1)

GroinWeasel (970787) | more than 8 years ago | (#15515946)

Do you not see that as a huge admission of defeat? That you are _seriously_ suggesting an anti-virus/spyware CO-PROCESSOR?!?

Re:One-sentence summary (1)

jacksonj04 (800021) | more than 8 years ago | (#15516043)

No, although AV/Spyware would be ones that use it. I was thinking more a co-processor for those things which sit around doing nothing but waste cycles, but which actually have a use. Update daemons, sync tools for PDAs, network monitors, backup and encryption tools etc.

Re:One-sentence summary (1)

Aneurysm (680045) | more than 8 years ago | (#15512508)

Only if you need it... Sensible users usually avoid malware infections, because they know the dos and don'ts of using the internet. Do use a firewall, don't run any screensavers you get by email. Do run regular security updates, etc. These users won't need to use a resource-sapping system monitor; it is the casual internet users who don't know about basic security that will. These users are also the type of users who won't mind running the program, because they don't need a 3 GHz processor to run Outlook and Internet Explorer anyway.

Re:Advantages? (1)

witte (681163) | more than 8 years ago | (#15512441)

This could be very useful.
The thing is that the perception of human researchers is always skewed by assumptions and the human tendency to generalize any problem, based on incomplete data. (Useful in survival-of-the-fittest scenarios, but potentially counterproductive when doing research.)
Machines deal with facts, period.
They may expose things we previously ignored or crammed into categories that don't really fit the bill.
(Of course, if the data fed to the machine is presented in a form which has already been sorted/validated by a human researcher, the system is still tainted.)
A finer-grained categorization can result in better tuned defenses against annoying/subversive crapware.

Re:Advantages? (0)

Anonymous Coward | more than 8 years ago | (#15512484)

This sounds like a pattern analysis/heuristics type approach, similar to what some host-based IDS systems use (i.e. Okena; did Cisco kill this or what?)

Anyway, if you can *detect* the malware then you can build signatures to scan for it using simpler software like SAV, McAfee, Ad-aware, SpyBotS&D, pestPatrol and others assuming that the malware isn't so advanced that it can evade detection. (polymorphic code techniques, or whatever)

Re:Advantages? (1)

kesuki (321456) | more than 8 years ago | (#15512510)

The destructive payload makes this malware a virus. Most malware simply has code to 'self destruct' the system if tampered with, disabled, or made unable to think it's able to access the internet.

After all, most malware are exploits meant to make money off people's computers, either through ad revenues, bulk mail sending, or formation of a 'botnet' which can be used for a whole slew of possibilities. A few pieces of malware try to steal data so that you can become a 'victim' of internet crime, which is why certain hackers intentionally load malware, so that the government can monitor all their packet data and catch the law-breaking crooks, or shut them down before they do a lot of damage to 'innocent' users who don't know any better.

In all my years on the internet I've learned that not every company that sends bulk mail is in the same class. We've got the opt-in bulk mailers, who focus on finding reasons for people to 'opt in'; then we have the 'opt-out' companies who generate and use do-not-mail lists; then we have the companies who just try to send so much stuff that they can 'sucker' in everybody with all the fake offers and scams.

It certainly makes the world more interesting that we have so many different types of people, but it costs a lot of money when the 'criminals' get away with millions from the crime. Right now America has possibly the least amount of fraud, because of all the attention that's been paid to it by the various federal agencies and the 'war' that this administration is waging against 'terror', because they feel that the companies stealing money are perhaps using that stolen money to fund terrorist operations. Considering most of the crime traces back to Africa, and Africa has a lot of ties to 'terrorist' networks, the administration is probably right that the money could be being used for that. Although there is also a lot of poverty in Africa, I've always believed that poverty is just a state of mind.

Even though I sometimes can get caught up on appearance and wealth, hey, I grew up in America, which has the strongest economy in the world. So, to a certain extent that's to be expected. In my own personal life, with the exception of computers, I live very cheaply though. Perhaps too cheaply, but that just means I've been less of a drain, since I haven't been getting paid other than the occasional odd job.

Re:Advantages? (1)

cyber-vandal (148830) | more than 8 years ago | (#15512970)

i've always believed that poverty is just a state of mind.

It's usually a state of not having enough resources to feed, clothe and house yourself (and your family if you have one). Now if you know a way for a person to think themselves out of that, you'll be the most revered man on the planet when you share it with the rest of us.

Re:Advantages? (1)

kesuki (321456) | more than 8 years ago | (#15513277)

That is the materialistic view. In the material sense, one can eat bugs and roots, drink stagnant water, sleep in a pile of filth... and no one could doubt that that is 'poverty' in the material sense. But I've seen some good documentaries of tribes in Africa and South America who were living that way. And while those films were heavily edited, I didn't see people who were really 'living in poverty' so much as leading the happiest, best lives they could given the available resources.

Poverty is a state of mind my friend, much more so than the 'material' resource you have access to. you should read the book of job, just to understand where i'm coming from. that story does a far better job of explaining how poverty doesn't have to relate to the physical reality.

Re:Advantages? (2, Interesting)

happyemoticon (543015) | more than 8 years ago | (#15513062)

Any mechanized approach to classifying malware is a good thing. I've heard anecdotally that the process of getting a program declared as a virus or malware is (or has been) as follows at major security firms:

  • Client gets infected with virus.
  • Client calls vendor when vendor's app refuses to clean it off.
  • Vendor's tech support gradually escalates the ticket until somebody with half a brain gets ahold of the problem.
  • Non-clueless support person dissects the malware and commits it to the week's definitions.

Oh, and of course:

  • Client's data is screwed.

Of course, this is purely anecdotal, and as someone who's never been employed at one of these firms I have no firsthand experience. But I suspect it's something like this, or at the very least something which requires a screaming client and a lot of human effort.

Also, a common thing to do with malware is to change a few lines of code here and there until a matching engine can no longer recognize it and then send it out again over the net. It sounds like their technology has the possibility of dealing with this as well, if it can intelligently sort together related infections. However, the guy who gets a virus first is still probably screwed - but it's an imperfect world.

Really? (0)

Anonymous Coward | more than 8 years ago | (#15512424)

Researchers Use Machines To Analyze Malware


What? Really? Of course, I didn't read the summary yet.

Better classification means better naming (5, Funny)

mrogers (85392) | more than 8 years ago | (#15512440)

Now instead of obscure names like W32/worm.169/06A they can give them meaningful names like W32/fucks.your.harddrive.and.emails.itself.to.all. your.friends.169/06A.

Re:Better classification means better naming (1)

bstrunk (535976) | more than 8 years ago | (#15512578)

At this point are we even sure that the classification system used is an effective one? If the malware is just being labeled as bad, more bad, and unbad, is classification really going to help anything?

Re:Better classification means better naming (1)

JoshRoss (88988) | more than 8 years ago | (#15512797)

I would want to be sure that I was protected from any w32/*fucks*(hard drive|registry|media) virus, as a first step.

Re:Better classification means better naming (0)

Anonymous Coward | more than 8 years ago | (#15512936)

Ah, so classification is useful for excluding detection of all slightly-less-dangerous threats.

Bugged? (2, Funny)

Anonymous Coward | more than 8 years ago | (#15512467)

I think the program is bugged, it keeps telling me that something called Windows is malware.

Re:Bugged? Patch (0)

Anonymous Coward | more than 8 years ago | (#15512501)

Hmm... (3, Funny)

Ichigo Kurosaki (886802) | more than 8 years ago | (#15512496)

Researchers Use Machines To Analyze Malware

as opposed to punch cards?

90% isn't good enough (3, Insightful)

m874t232 (973431) | more than 8 years ago | (#15512498)

Attempts at classifying malware automatically have been around for a number of years. Trouble is: 90% isn't good enough--it's too many false alarms. You need something that works almost perfectly in order to deploy it on real machines.

Wow (2, Insightful)

ms1234 (211056) | more than 8 years ago | (#15512503)

Maybe it could be trained to categorize my socks?

Re:Wow (1)

Joebert (946227) | more than 8 years ago | (#15512980)

count(socks) % 2 === 0 ? sort(socks) : kick(dryer);

what is that new malware subset? (2, Funny)

gbjbaanb (229885) | more than 8 years ago | (#15512511)

and classified a previously unseen subset of malware using the trained system

automated systems determined that the new worm, W32.setup/install.exe is the most prevalent ever, due to the success of its social-engineering attack vector.

YUO FAIL IT! (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15512553)

some rules (0)

Anonymous Coward | more than 8 years ago | (#15512581)

Rule 1: O/S weight={linux:1, windows:99}
Rule 2: Contains Sony copyright={no:0, Yes:90}
Rule 3: Changes Registry={no:0, yes:99}

What's Up PussyCat ? (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15512602)



What's new pussycat? Woah, Woah
What's new pussycat? Woah, Woah
Pussycat, Pussycat
I've got flowers
And lots of hours
To spend with you.
So go and powder your cute little pussycat nose!
Pussycat, Pussycat
I love you
Yes, I do!
You and your pussycat nose!

What's new pussycat? Woah, Woah
What's new pussycat? Woah, Woah

Pussycat, Pussycat
You're so thrilling
And I'm so willing
To care for you.
So go and make up your cute little pussycat eyes!
Pussycat, Pussycat
I love you
Yes, I do!
You and your pussycat eyes!

What's new pussycat? Woah, Woah
What's new pussycat? Woah, Woah

Pussycat, Pussycat
You're delicious
And if my wishes
Can all come true
I'll soon be kissing your sweet little pussycat lips!
Pussycat, Pussycat
I love you
Yes, I do!
You and your pussycat lips!
You and your pussycat eyes!
You and your pussycat nose!

(this is slow . this is real slow)

"us" ???? (4, Funny)

Wingsy (761354) | more than 8 years ago | (#15512614)

"...bots and viruses that plague us" What's this "us" shit Kemosabe? I've never experienced any bots and/or viruses in the past 5 years or more. What kinda system are you running that has this affliction?

my 5 *cent* (0)

Anonymous Coward | more than 8 years ago | (#15512619)

this really struck my eyes:
"80 per cent, while classification based on 500 and 1,000 events typically has accuracy rates above 90 per cent."

shouldn't it be percent ?

NO! (0)

Anonymous Coward | more than 8 years ago | (#15512848)


Cent is short for century, or centi, if you are of that orientation. 80 per 100 is correct. Percent is WRONG! as is your "5 cent" which should be 5 cents, or nickel if you are of that persuasion. This is the way it is to-day. To-morrow things may, can, and will change. Return to your reader.

Re:my 5 *cent* (1)

rolfwind (528248) | more than 8 years ago | (#15512874)

No, you see, it's a pay as you go system. From the sentence you quoted, it should be obvious that for every cent you pay, they catch about 80 pieces of malware. Literally "80 per cent."

Of course, I'm wondering if this is a pre-pay system or if they'll just deduct it monthly from my bank account, but either way it doesn't matter to me since I trust these guys (hey, they are in the anti-spyware biz; it's unlikely the company will fleece me just for step 3). This will go nicely with my new MS security subscription service [slashdot.org] and my PC with MS-pay-as-you-go-OS. [slashdot.org]

I now present... the Polymorph (5, Insightful)

packetmon (977047) | more than 8 years ago | (#15512761)

After reading 12 of the 17-page MS document I shake my head... Some malware do not run properly in a VM. Some packers are known to detect a VM environment and prevent the file from normal execution. What about smarter polymorphs which change and adapt? Not to mention their analysis, tests, etc. did not include the full scope of what malware targets: "Runtime environment simulation is still primitive. For example, we have not implemented Instant Messaging or P2P applications/servers." Couple this with: "The biggest benefit is more rapid response to complex threats. As the synergy between viruses, Trojans, worms, rootkits and exploits grows, waiting for a solution becomes more dangerous." And lest I forget: "This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part two continues the discussion of armored viruses and then looks at a Bradley worm - a worm that uses cryptography in such a way that it cannot be analyzed." (source [securityfocus.com]). So what happens when malware writers get a clue and start creating their own forms of crypto to hide their actions? For any company to create a product, whether it's hardware- or software-based, they'd only be lying to a degree about their ability to detect complex threats no matter what engine their malware snoopers were using.

Re:I now present... the Polymorph (0)

Anonymous Coward | more than 8 years ago | (#15513998)

So what happens when malware writers get a clue and start creating their own forms of crypto to hide their actions.
The MS paper is analyzing system calls (the so-called Native API in Windows). You cannot hide/obscure system calls at runtime, because the kernel has to decode them.

Wisdom follows, pay attention! (0)

Anonymous Coward | more than 8 years ago | (#15515601)

>a worm that uses cryptography in such a way that it cannot be analyzed

That means nothing. To execute, it has to decode itself. AV companies use machines with "Windows checked/debug build" installed that replicate every single instruction over RS232 or USB to another identical machine, so you can see the tiniest detail as you wish. Many AV companies also own factory-hardwired confidential samples of Intel CPUs, which dump instruction execution in plain view, much like a lie detector for CPUs or the bit-switch engineering consoles on 1960s-era mainframes.

Of course lesser-funded, non-commercial, NDA-handicapped entities like ClamAV do not possess these resources, so they may be in trouble.

Do not believe all hype you read in newspapers. Everything written by a human can be cracked by a human, plus AV researchers are better educated than hackers and VXers.

Curious...Curious... (1)

Attis_The_Bunneh (960066) | more than 8 years ago | (#15512883)

If you think about it, this has more to do with the folks who are paid to give us those fancy virus definition libraries than with the average user, but the end benefit is that all users at all levels will be able to handle these malware threats more specifically than just using random deletion methods. For example, I was an idiot and got a keylogger onto my system [which isn't hard to do since it's a Bloze box...], but I haven't noticed any of my accounts being accessed as of yet; of course I did change the passwords after I went back a version [I keep a clean copy of my system as a ghost CD...] on my system just in case. Either way, I notice that most anti-spyware/malware systems could not detect the keylogger, but my virus scanner could, and it could not remove it. So, if these classification methods also lead to new methods of eliminating these threats, press on forward. ^_^

-- Bridget

You can already buy a product that does this (4, Informative)

Anonymous Coward | more than 8 years ago | (#15512908)

Internet Security Systems already provides a product that does this called "Proventia Desktop". Whenever the user tries to run a program, it first boots a virtual machine, runs the program, looks at all these behaviors (opening connections, setting itself as the Run entry in the registry, etc.). When the right combination of behaviors are detected, it marks it as malware and refuses to run it in the real machine. The entire process takes as much time as it would for anti-virus to scan it. It's about 99% effective, which means that it catches almost all 0-day viruses, but it will occasionally let something through (which is why you should probably also have traditional anti-virus as well).
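The "right combination of behaviours" idea in the comment above, together with the Run-key persistence point raised earlier in the thread and the worry that a BitTorrent client would look like malware, as an added example that is not Proventia's code, the paper's code, or anything captured from real software: a process's recorded event trace is collapsed into a set of behaviours, rules are scored on co-occurrence rather than on any single event, and an operator allow-list lets a known-good binary be exempted. The event schema, the rule weights, the connection threshold, and the three traces are all constructed for the example.

```python
"""Added example (not ISS/Proventia or the paper's code): score a process's
event trace on combinations of behaviours (persistence plus outbound
traffic, dropped executable plus persistence) so that a chatty but benign
program scores low, with an allow-list for operator-exempted binaries.
Event schema, weights, thresholds and traces are constructed."""
import re

# Hypothetical event record: (process_name, event_type, target)
RUN_KEY = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
MANY_CONNECTIONS = 20  # assumed threshold for "opens a lot of connections"


def behaviours(trace):
    """Collapse raw events into the set of behaviours the trace exhibits."""
    found = set()
    connections = 0
    for _proc, etype, target in trace:
        t = target.lower()
        if etype == "reg_set" and RUN_KEY.match(target):
            found.add("persist_run_key")           # HKLM/HKCU ...\Run autostart hook
        elif etype == "file_write" and t.startswith(SYSTEM_DIRS) and t.endswith(".exe"):
            found.add("drop_exe_in_system_dir")    # copies an executable into the OS tree
        elif etype == "net_connect":
            connections += 1
        elif etype == "proc_create" and t.endswith(("\\cmd.exe", "\\powershell.exe")):
            found.add("spawn_shell")
    if connections >= MANY_CONNECTIONS:
        found.add("many_connections")
    return found


# (rule name, behaviours that must all be present, points). Single behaviours
# score low on purpose: the signal is the combination, not any one event.
RULES = [
    ("dropper",                  {"drop_exe_in_system_dir", "persist_run_key"}, 70),
    ("persistence_plus_network", {"persist_run_key", "many_connections"},       60),
    ("shell_plus_network",       {"spawn_shell", "many_connections"},           50),
    ("persistence_only",         {"persist_run_key"},                           15),
    ("many_connections_only",    {"many_connections"},                           5),
]
THRESHOLD = 50


def score(trace, allowlist=frozenset()):
    """Return (total points, names of rules that fired); allow-listed processes score 0."""
    if not trace:
        return 0, []
    if trace[0][0].lower() in {p.lower() for p in allowlist}:
        return 0, []
    seen = behaviours(trace)
    fired = [(name, pts) for name, need, pts in RULES if need <= seen]
    return sum(p for _, p in fired), [n for n, _ in fired]


def verdict(trace, allowlist=frozenset()):
    """Binary decision a sandbox gate would act on before letting the program run for real."""
    return "malware" if score(trace, allowlist)[0] >= THRESHOLD else "clean"


# Constructed traces, not captured from real software.
DROPPER_TRACE = [
    ("setup.exe", "file_write", "C:\\Windows\\System32\\svchosts.exe"),
    ("setup.exe", "reg_set", "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\svchosts"),
] + [("setup.exe", "net_connect", f"198.51.100.{i}:80") for i in range(25)]

TORRENT_TRACE = [
    ("bittorrent.exe", "file_write", "C:\\Users\\bob\\Downloads\\image.iso.part"),
] + [("bittorrent.exe", "net_connect", f"203.0.113.{i}:6881") for i in range(40)]

UPDATER_TRACE = [  # persists, but never talks to the network: not enough on its own
    ("updater.exe", "reg_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"),
]

if __name__ == "__main__":
    for name, trace in [("dropper", DROPPER_TRACE), ("torrent", TORRENT_TRACE),
                        ("updater", UPDATER_TRACE)]:
        print(name, verdict(trace), score(trace))
    print("torrent, allow-listed:", verdict(TORRENT_TRACE, {"bittorrent.exe"}))
```

The allow-list keys on the process name only because that is all the constructed schema carries; a real gate would key on a hash or a signer so that malware cannot exempt itself by borrowing a trusted file name, which is the weakness the "90% of users click yes" reply in this thread is pointing at.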

Site mentioned (0)

Anonymous Coward | more than 8 years ago | (#15513096)

At the end of the article the Offensive Computing project is mentioned. The URL is http://www.offensivecomputing.net [offensivecomputing.net]. That site isn't trying to sell you anything; it's more of a resource for forensic/incident response people to get information about malware they run across. It's not a tool you would run on your home computer either, more of a database of malware with some automated basic analysis and fingerprinting.

Computer security is not easy.... (1)

zappepcs (820751) | more than 8 years ago | (#15513146)

Computer security is not easy for businesses and more difficult for the average home user... But it seems to me that as the price of hardware drops and home networks become more plentiful, we will see more 'appliances' that come described as routers/firewalls/proxies that run the appropriate software so that such programs can be detected by signature before they get to your desktop. Though that would or might be another level of possible infection to home networks, it is still much stronger than a desktop system alone.

One of the things that I've not seen enough of yet is simply booting from CD into DSL or Puppy, and running ClamAV or other programs to root out any malware, virus, or other malicious software on your desktop.

I think that good security is not any single program or approach, but a combination of counter attacks. I think that this is a possible new approach to staying in the antivirus business despite MS's attempt to get into that market space.

Read that as a home network with two desktops, served by a firewall/proxy running linux and appropriate software to screen data from websites, email, IM, etc. and tools that do not depend on the OS they are protecting to do the cleaning.

Steampunk Anti-Virus (1, Funny)

Anonymous Coward | more than 8 years ago | (#15515562)

>a mechanical process for analyzing malware.

Do you mean it is steam or internal combustion powered? Based on a huge Babbage differential engine, programmed with cards in Lady Ada language? It must be since it is mechanical! The MODUS, a stack of most advanced cards for automated malware analysis is the subject of an international conspiracy. And the London smog gets denser every day.