How To Guarantee Malware Detection - Slashdot

Slashdot

How To Guarantee Malware Detection 410

Posted by CmdrTaco on Monday March 15 2010, @12:19PM
from the pardon-my-skepticism dept.

itwbennett writes "Dr. Markus Jakobsson, Principal Scientist at PARC, explains how it is possible to guarantee the detection of malware, including zero-day attacks and rootkits and even malware that infected a device before the detection program was installed. The solution comes down to this, says Jakobsson: 'Any program — good or bad — that wants to be active in RAM has no choice but to take up some space in RAM. At least one byte.'"

This discussion has been archived. No new comments can be posted.

How To Guarantee Malware Detection

Search 410 Comments Log In/Create an Account

Comments Filter:

Re:At least one byte (Score:5, Funny)

by dmgxmichael (1219692) writes: on Monday March 15 2010, @12:25PM (#31483232) Homepage

Not a fair comparison. Malware usually does what it's supposed to.

Parent Share
twitter facebook
Re:So it has to be in RAM (Score:3, Funny)

by dissy (172727) writes: on Monday March 15 2010, @12:28PM (#31483290)

The hard part is actually finding it.
That reminds me of a signature I've seen around here (Sorry, I don't remember who was using it)
cat /dev/ram | strings | grep llama
OMG, my RAM is full of llamas!

Parent Share
twitter facebook
Re:"Guarantee" (Score:5, Funny)

by dmgxmichael (1219692) writes: on Monday March 15 2010, @12:30PM (#31483316) Homepage

Reminds me of Murphy's 7th law - "Should you ever idiot proof anything God will make a better idiot."

Parent Share
twitter facebook
Re:At least one byte (Score:5, Funny)

by Chris Burke (6130) writes: on Monday March 15 2010, @12:36PM (#31483436) Homepage

While it might be true that any application will take up at least a byte of memory, there is no reason malware couldn't masquerade as another binary down to the exact number of bytes.
Oh see he didn't finish explaining.
Any program that wants to be resident has to occupy at least one byte of RAM. And that byte should include the Evil Bit, which all malware should set. Then your anti-virus program just checks the Evil Bit and problem solved!

Parent Share
twitter facebook
Re:Refuting the imaginary article in your head (Score:5, Funny)

by edmicman (830206) writes: on Monday March 15 2010, @01:19PM (#31484046) Homepage Journal

Wrong! Abstinence is the one and only preventative answer!

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

473 commentsYour Passwords Don't Suck — It's Your Policies
418 commentsFBI Says American Universities Infiltrated by Spies
391 commentsAdobe Introduces the Paid Security Fix
343 commentsSymantec: Religious Sites "Riskier Than Porn For Viruses"
333 commentsOsama Bin Laden Didn't Encrypt His Files

[A computer is] like an Old Testament god, with a lot of rules and no mercy. -- Joseph Campbell