
Malware vs. Anti-Malware, 20 Years Into The Fray

jcatcw writes "Steven J. Vaughan-Nichols considers the dissimilarities between malware of yore and current infiltrations as we approach the 20th anniversary of the Robert Morris worm. Modern malware apps curl up and make themselves at home in your system, where they wait for a chance to snatch an important password or a credit card number. Welcome to the era of capitalist hacking. Any self-respecting malware program today is polymorphic, making signature-based antivirus approaches difficult. Heuristics and virtual sandboxes offer alternatives, but all such methods are reactive. Unfortunately, monitoring lists and networks is about the only current alternative."

  • by Toreo asesino ( 951231 ) on Tuesday May 06, 2008 @12:38PM (#23313488) Journal
    Some malware I've seen has become seriously sophisticated, so much so that cleaning it is basically impossible.

    Non-admin rights, client-side file scanners, web-side blacklists, and user training are the only way malware is going to go away.
  • by Arrogant-Bastard ( 141720 ) on Tuesday May 06, 2008 @02:13PM (#23314738)
    In re: "Unfortunately, monitoring lists and networks is about the only current alternative."

    There are many alternatives to this, starting with: "Recognize that operating systems which are readily compromised by malware are broken and not acceptable for use." If you choose to use an OS which is so intrinsically weak that it cannot survive exposure to the (unfirewalled) Internet without anti-virus, anti-spyware, anti-adware, etc., then you have chosen poorly, and no subsequent choice you make will compensate for that.

    A followup point would be "Understand that it is not possible to 'clean' a malware-contaminated system. The only acceptable course of action is to wipe to bare metal, reinstall, and restore from backups." While it might have been partially true in a limited sense that some malware could be removed by anti-whatever products, that's certainly not the case now: it's much more likely that malware will evade detection and removal. Of course, it serves the purposes of both anti-whatever companies and lazy system administrators to continue propagating this fiction, because if they actually had to scrub and rebuild systems as often as they're infested, they might have to face some hard choices that they'd rather not.

    And an excellent set of auxiliary points may be found in Marcus Ranum's The Six Dumbest Ideas in Computer Security [ranum.com], where he enumerates the most egregious (and sadly, most common) mistakes made by nearly everyone, including supposed "experts" with strings of meaningless, worthless certifications after their names.

    So there are plenty of alternatives -- but choosing them and implementing them requires vision and insight, two qualities badly lacking in many in the profession.

  • by tepples ( 727027 ) <tepplesNO@SPAMgmail.com> on Tuesday May 06, 2008 @02:40PM (#23315120) Homepage Journal
    "only use signed software from your public repository or from trusted vendors."
    How does a vendor become trusted under your best practices?
