Malware vs. Anti-Malware, 20 Years Into The Fray 62
jcatcw writes "Steven J. Vaughan-Nichols considers the dissimilarities between malware of yore and current infiltrations as we approach the 20th anniversary of the Robert Morris worm. Modern malware apps curl up and make themselves at home in your system, where they wait for a chance to snatch an important password or a credit card number. Welcome to the era of capitalist hacking. Any self-respecting malware program today is polymorphic, making signature-based antivirus approaches difficult. Heuristics and virtual sandboxes offer alternatives, but all such methods are reactive. Unfortunately, monitoring lists and networks is about the only current alternative."
Robert Morris, OMG (Score:5, Informative)
http://pdos.csail.mit.edu/~rtm/
You're thinking of the William Morris talent agency in Hollywood, or something. Mods, please correct this.
Some ways to win. (Score:3, Informative)
Prevent any other changes from being made to the system, mount system partitions read only.
Where users are installing software, force it into a sandbox (one for each application). Each sandbox will have limited access to the network, user files and hardware (such as web cams and microphones).
The simplest solution is to never allow software from users to run (mount home partition as no-exec). However, this doesn't cut it much of the time, which is why I would suggest doing something similar to no-exec, but as a sandbox rather then not running the file at all. I'm not sure how hard that would be, but I'm sure it is possible.
(Oh wait, are we talking about MS Windows here? I guess you can ignore what I said then...)
Criminals and Elections (Score:5, Informative)
Between spam, malware, and credit card fraud, the criminals are winning, big time.
The eventual consequence of this is a faltering of trust in our financial systems and economies, and the rise of new kinds of criminal mafias, with billion dollar portfolios. If you thought the mob was scary, wait until you see what rises out of the ashes of the current system.
The solution to this, I believe, is first to limit the information transferred in any transaction to that which is necessary for the transaction (no grocer, you don't need to know where I live); second to implement electronic cash (in the current credit card system you give authorization to perform transactions at any time in the future without verification); and third to establish and teach strong cryptography for communications, transactions, and identity.
But the biggest thing we can do now is get the world's police forces to get off their asses. As long as these things are not prosecuted, criminals will flourish, and they are.
It's time to make this an important issue in elections, before we all lose big.