Auto-Detecting Malware? It's Possible
itwbennett writes "If antivirus protectors could collect data from machines and users, including geographic location, social networking information, type of operating system, installed programs and configurations, 'it would enable them to quickly identify new malware strains without even looking at the code,' says Dr. Markus Jakobsson. In a recent article, he outlines some examples of how this could work. The bottom line is this: 'Let's ignore what the malware does on a machine, and instead look at how it moves between machines. That is much easier to assess. And the moment malware gives up what allows us to detect it, it also stops being a threat.'"
Re:trojans (Score:3, Informative)
They thought of that:
Re:Privacy (Score:5, Informative)
Well, yes and no; it depends on what kind of data.
Windows Defender, which is on pretty much every XP and Vista box, already does this. Out of the box, it will submit information on startup programs, malware detected and removed, and which services and startup programs you have disabled, to the aptly named Microsoft SpyNet [microsoft.com].
It's not quite as scary as it sounds; if you're using Windows Defender to decide whether or not to kill that fishy-looking SynTpEnh.exe process from starting, you can see that 99% of SpyNet members leave it enabled because it makes your laptop's touchpad work. </contrivedexample>
So, maybe a bad idea, but not a new one - it's already being done.
Re:Privacy (Score:3, Informative)
Usually, the Norton Removal Tool [symantec.com] does the job in blowing Norton's software off the system.
I've had to be able to get enough people there in my line of work that I know the way there. Grab it, and let it wipe that damn thing out.
Re:I have a better idea (Score:3, Informative)
I'll just point out here that Linux users generally do not run as Admin-God on their machines, so while they could still bork their own user account it becomes that much more difficult to compromise the entire machine.
If OSX, Linux, & BSD can do it, Microsoft can (Score:3, Informative)
Those operating systems have fewer vulnerabilities because they were designed to be secure.
Leaks and emails reveal Microsoft release policies (Score:4, Informative)
It was widely reported that Windows 2000 was released with 63,000 known defects [cnn.com].
It was widely reported that Windows XP was released with more than 100,000 known defects [lowendmac.com]. (I don't have time to find a better link.) Microsoft reported that Windows XP Service Pack 2 fixed several hundred bugs, several of them very serious.
Windows Vista was released against the wishes of some Microsoft managers, who said it was not ready for release. There was a court case [channelregister.co.uk] that revealed emails saying that. (Again, I don't have time to find a better link.)
Re:Where the Windows White List? (Score:3, Informative)
as does windows
what a bunch of crooks... (Score:3, Informative)
try this on a solaris box:
# find / -type f -perm -ugo+x -exec digest -va md5 {} \; > /executables_digest
then every week, do:
# find / -type f -perm -ugo+x -exec digest -va md5 {} \; > /tmp/weekly_digest
# diff /executables_digest /tmp/weekly_digest
pretty much how software like tripwire works.
what those crooks on TFA want is to collect a bunch of information about everybody's computers, then sell it to the highest bidder.
fuck them. not on my solaris boxes. not on my linux boxes.
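The baseline-and-diff check from the post above, as an added Python example (not the commenter's code, and not Solaris `digest`): it records a digest for every executable file under a root, rescans later, and reports what was added, removed or changed, which is the part a plain `diff` of two digest listings leaves you to read by eye. It assumes the `find` predicate is meant to select files with the execute bit set for owner, group and other, uses SHA-256 instead of MD5, and the sample tree built in `demo()` is constructed for illustration.

```python
import hashlib, os, shutil, stat, tempfile

def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def is_executable(path):
    """Mirror `find -type f -perm -ugo+x`: regular file, x bit set for u, g and o."""
    mode = os.lstat(path).st_mode  # lstat, like find: symlinks are not followed
    return stat.S_ISREG(mode) and (mode & 0o111) == 0o111

def scan_executables(root):
    """Return {relative path: digest} for every executable file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_executable(full):
                result[os.path.relpath(full, root)] = file_digest(full)
    return result

def compare(baseline, current):
    """Diff two scans: sorted lists of added, removed and changed paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, removed, changed

def write_file(path, text, mode=0o644):
    with open(path, "w") as f:
        f.write(text)
    os.chmod(path, mode)

def demo():
    """Constructed tree: baseline, then one tampered binary and one dropped-in binary."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "bin"))
        write_file(os.path.join(root, "bin", "tool"), "#!/bin/sh\necho ok\n", 0o755)
        write_file(os.path.join(root, "bin", "README"), "data only, not executable\n")
        baseline = scan_executables(root)
        write_file(os.path.join(root, "bin", "tool"), "#!/bin/sh\necho tampered\n", 0o755)
        write_file(os.path.join(root, "bin", "dropped"), "#!/bin/sh\n", 0o755)
        return compare(baseline, scan_executables(root))
    finally:
        shutil.rmtree(root)
```

Running `demo()` flags `bin/dropped` as added and `bin/tool` as changed; the README is never listed because it is not executable.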
It is necessary to explain Windows' sloppiness. (Score:3, Informative)
One magazine collected 210,000 signatures against adoption of Windows Vista and for keeping Windows XP: The campaign to save Windows XP [infoworld.com].
The fact is that we are not seeing the kind of weaknesses in Linux, OS X, or BSD that are commonly found in Windows. Windows XP was an expensive hassle for us until SP2.
Here is an interesting fact: The latest version of Firefox, and all the versions before it, have a bug which causes Firefox to crash when there are too many windows and tabs. That bug corrupts Windows; sometimes Windows crashes, also. It is always necessary to re-start the computer.
Linux remains stable when Firefox crashes, however.