How Viruses Evolve Into All-Purpose Malware
KingofGnG writes "Computer threats are continuously evolving, and some malicious codes are a problem difficult to tackle because of their inherent complexity and an intelligent design capable of constantly putting under pressure security companies. A remarkable 'intelligent' threat is for instance Sality, the 'new generation' file virus that according to Symantec has practically turned into an 'all-in-one' malware incorporating botnet-like functionalities as well."
Re:the benefits of open source... (Score:4, Insightful)
While not really an MS fanboy, the main reason why there's so little malware for OSS is because there's so little market. Malware is just like any software: They want to target a market as big as possible. Why are there so few commercial games for Linux? Same reason.
Besides, it's not anymore which system is more secure. The main question today is, which system has the bigger amount of completely ignorant users who click anything promising him dancing bunnies. And you can have the tightest, most restrictive security system in place, if the user has the root password and hands it to everything promising him a dancing bunny, the security is swiss cheese. Windows, Linux, MacOS or whatever, if the user is a doofus, the system is easily compromised.
It kinda depends (Score:3, Insightful)
You're certainly right that a sufficiently motivated idiot can compromise any system, but the system designer could probably mitigate the problem of idiot users (dancing bunnies, etc. in their inbox) into irrelevance.
It's just shoddy design that .doc files with macros can be opened directly in MS Word without any kind of sandboxing of the file system to prevent macros from rooting around the file system for other documents to infect. The way I see it, you could have a more fine-grained privilege system wher
Re: (Score:2)
Doesn't change jack. The social engineering just gets more sophisticated. Like a mail from your bank that actually informs you that the attachment will ask for elevated privileges. Think anyone will refuse? It's bank stuff, ya know, that's sophistimacated and secure and stuff, of COURSE it needs my root password to work right! Or that superspecial download manager you need to download all that free porn? It needs those privs because, you know, it hacks into the sites that actually serve all the porn and to
Re: (Score:2)
Always, the market share argument. And, it's more than half bullshit.
There are little geeky dweebs living in their mother's basements all over this world, who would LOVE TO HAVE BRAGGING RIGHTS. Just being known as "The guy who reliably hacked Linux" would be a wet dream come true for them.
And, they haven't done it yet.
Yeah, market share. But, real hackers aren't interested in low hurdles, they are looking at the pole vault.
Take your market share argument, roll it up and smoke it. That's about all it's g
Re: (Score:3, Insightful)
Care to back it up? I have here a rather extensive amount of samples per day flooding me, more than I can sensibly analyze away (fortunately 99% are just variants of something I already have). And nearly all of them rely on social engineering at some point. And all of them are for Windows.
These asshats writing malware are not "real hackers". They're businessmen, plain and simple. They don't give a fuck whether they compromise your machine or the one of the doofus next to you. Actually, the doofus is more in
Re: (Score:2)
There are little geeky dweebs living in their mother's basements all over this world, who would LOVE TO HAVE BRAGGING RIGHTS. Just being known as "The guy who reliably hacked Linux" would be a wet dream come true for them.
Most of the time it isn't the OS being "hacked", it's the user.
And, they haven't done it yet.
Yes they have. There are/have been hundreds - thousands - of exploits for Linux and Linux software. The difference isn't the existence or non-existence of exploits, it's the user demographic
Re: (Score:2)
I thought we were talking about working exploits. Things that work. Of course there are thousands of exploits. They are found, they are fixed, they are forgotten. Unlike Windows. Having an exploit doesn't get you into a box, after all.
Whatever. You guys keep trotting out the tired argument that it's all about market share. Linux' market share keeps growing, but the malware market share for Linux remains near zero.
Re: (Score:2)
I thought we were talking about working exploits. Things that work. Of course there are thousands of exploits. They are found, they are fixed, they are forgotten. Unlike Windows. Having an exploit doesn't get you into a box, after all.
Windows exploits are fixed regularly and frequently.
Whatever. You guys keep trotting out the tired argument that it's all about market share. Linux' market share keeps growing, but the malware market share for Linux remains near zero.
It's primarily about user demographic,
Re: (Score:2)
"the main reason why there's so little malware for OSS is because there's so little market ..."
There's some truth to that. But speaking as someone who actively developed and consulted on anti-virus software back in the heyday of MS-DOS 5 and 6.22, I'll share my opinion. I freely admit that things have changed over the years, and that my knowledge is old. But I feel that the basic problems and principles are still the same.
1. Basic philosophies: Microsoft, and thus Windows, basically started on individual, p
Re: (Score:2)
Very true. I'd love to chat with you and see how the biz grew. I've only spent the last 10 years in AV development/analysis (so I didn't really do any thorough research for those good ol' TSR malware and the file infectors are also few and far between these days), so I'm pretty ignorant of the "old days". Your argument is pretty solid and works for DOS. It does not, cannot, for Windows for a simple reason: Multitasking, and very different ways to hide malware.
Back in the DOS days, and please inform me if I'm
Re: (Score:2)
This is false. Windows NT was built from the ground up as a "multi-user, multi-tasking environment". With a design superior to the traditional UNIX security model.
2. I argued back in the DOS era that it was possible to stop most malware. My partner and I wrote a three-tiered system: (1), an "innoculator" that did integrity checking on "injected" executables; (2) a behavior blocker that literally patched the DOS kernel (deep inside!), but which granted a pass to any executable that passed a CRC test of a
Re: (Score:2)
This is false. Windows NT was built from the ground up as a "multi-user, multi-tasking environment". With a design superior to the traditional UNIX security model.
In theory, yes. And up to NT4.0 it might even have been (forgive me, my knowledge of the NT line before 2k is rather fuzzy as it has never really been the mainstream line for malware... probably for just that reason).
With the merger of the 9x line with the NT line in 2k, we got, security-wise, the worst of both worlds. In other words, essentially
Re: (Score:2)
With the merger of the 9x line with the NT line in 2k, we got, security-wise, the worst of both worlds.
There was no "merger" outside of the marketing department. The security model of NT remains the same today as it was at its release (albeit with a few UI tweaks like UAC). Your premise is broken. Broken third party applications are not something that the OS or OS vendor can control.
The rest of your post essentially boils down to what I've always said - you can't secure a system where an ignorant user
Re:the benefits of open source... (Score:5, Insightful)
Face it, thanks to Open Sores we all get to suffer more malware and more powerful malware. If even Microsoft with all their programmers has a hell of a time keeping up with patches and all of that, how are average users going to stand a chance? Tell me again why closed source is such a horrible thing??
Because closed source is equivalent to security through obscurity paradigm -- which never works and worse still - is illusory. You are only asking to live in your la-la land when the reality is different.
Malicious people are going to develop such sophisticated attacks regardless of whether software is closed-source or open-source.
Making such exploits open-source lets us know what sort of channels are exploited. This leads to a better understanding of the weaknesses in the underlying protocol. This is where you have improved software that won't fall down like a house of cards when kicked at the shins.
With closed source -- you are trusting what? An obscure programmer who is under a deadline to push something out the door??
You probably are not even aware of how many times Open Sourcing has saved your a$$. Just because you pretend the problem doesn't exist, does not mean that your ignorance is the truth.
Re: (Score:2)
The problem comes in that obscurity lends a sense of invulnerability, which is false, and the designers of obscure systems don't try as hard as the open ones.
When I am charged with designing a system that is "secure enough," obscurity adds a layer of protection, I try to ensure that there are no embarrassing holes, but at the end of it all, any system, open or closed
Re: (Score:2)
Two points:
* OS security is dependent on white hats finding exploits faster than black hats. That is not a guaranteed feature and shifts it back to security through obscurity, even if obscure is in plain sight.
* Most people download OS binaries and not source that they examine and compile themselves. Binary can of course contain evil stuff. There were few issues with forks of p2p clients that included malware but which had sanitized source online. Again, obscurity and illusion of peer-reviewed sof
Re: (Score:2)
With closed source -- you are trusting what? An obscure programmer who is under a deadline to push something out the door??
As opposed to an obscure programmer who has no interest in fixing a problem because it's boring ?
Re: (Score:1)
As opposed to an obscure programmer who has no interest in fixing a problem because it's boring ?
Nope not really. With open source - you will usually have someone out there who needs to plug that hole because they have a genuine need for it for some reason. They migrate their solution upstream, where it ends up benefiting all.
True, open source also results in abandoned works. But the very fact that you have the code available means that if you take interest, you can do anything with it (or even own and direct its development) as opposed to a black-box that is closed-source. You just have a binary an
Re: (Score:2)
Nope not really.
Yep, really. Or, at least, as frequently as your stereotype is also true. You do realise the majority of widely-used open source code is written by the same kinds of people writing closed source code, right ? People being paid to do it by companies like Red Hat ?
You lost me... (Score:5, Insightful)
Re: (Score:2)
I was already puzzled at "new generation".
Re: (Score:1)
you don't trust your root ca
Sometimes I think apple has it right vetting s/w (Score:2, Interesting)
They have it half-right. (Score:3, Informative)
Our immune system has an advantage over virii and bacteria due to our greater cell specialization and intelligent response.
First of all, you're only half-right here. Our bodies evolve diverse ecosystems of bacteria, actually varying quite a bit from person-to-person. The difference is that when we transmit bacteria from person-to-person, we might make each other sick, but that's unavoidable and actually healthy, to an extent -- it boosts our immune response. Computer systems don't get smarter when they get owned, and the risk seems much higher. (It won't kill you, but it could ruin your life, and it could ruin many lives very q
Re: (Score:2)
The problem with modern botnet malware is that the infecting agent can actually be more intelligent and reactive than the host it's infecting.
This is the absolute best place to start when fighting malware. Educate the user, even if it's just "stop letting your kids use LimeWire to download music/movies/apps/trojans/viruses".
Most of the issues that Joe User experiences are completely explainable as PEBKAC.
--
Problem Exists Between Keyboard And Chair. Abort, Retry, Explode?
Re: (Score:2)
Our main advantage is that we're all slightly different from each other, so diseases can't usually spread to everyone. The computing world, with its 94% Windows market share, lacks this feature and is thus suffering a permanent Irish potato famine.
Software alone won't ever solve this problem. (Score:5, Insightful)
Re: (Score:2)
Sure there is. Whitelists, but nobody has the patience to do it.
Re: (Score:3, Insightful)
Apple does. Look at the App Store.
Re: (Score:1, Interesting)
Ohh give me a break. Apple is just fortunate enough not to be getting attacked right now. GNU/Linux land is much better prepared than Apple's ecosystem because unlike with Apple on the desktop you haven't got systems where users are installing software from non-repository sources. In both MS Windows and on Mac you do though. In both MS Windows and on Mac there is no system to update everything either. It is left up to applications to do the updating and then users are forced to ok every application. My MOM who
Re: (Score:3, Insightful)
Apple is just fortunate enough not to be getting attacked right now. GNU/Linux land is much better prepared than Apple's ecosystem because unlike with Apple on the desktop you haven't got systems where users are installing software from non-repository sources.
One word: PPAs.
Seriously. Think about it. Ubuntu PPAs are not vetted by Canonical or the Ubuntu Dev Team, and could, potentially, be used to spread Linux viruses.
Of course, someone has to go through the work of adding it to the package manager, but Ubuntu has made this relatively painless by 'add-apt-repository'.
Re: (Score:1, Interesting)
And how many non-techies do you think would do that? Most people don't need PPAs when they have 20k+ packages in the main repositories.
Besides, I would hardly call it a virus if you're tricked into installing it. By that account, this mail would also be a virus for Mac and Linux/UNIX:
Please save the following program to a file, run "chmod +x" on it and execute it. /*"
#!/bin/sh
echo Please enter password
su -c "rm -rf
Re: (Score:2)
A lot.
It's just like all those jailbroken iPhones, iPod Touches and now iPads who have OpenSSH with default passwords. (Hint: username is "root" or "mobile", password is "alpine"). Why do they have OpenSSH installed? Because they were blithely following some tutorial on getting something they wanted done. Be it modifying some files, installing various .debs and the like. Tu
Re: (Score:2)
If A only allows B to connect to its services, then A implicitly relies on B not getting hacked. But if B is hacked, then that hacker can pass through A's whitelist by pretending to be B.
The only time A gains security this way is if B's security is greater than A (more or less).
Re:Software alone won't ever solve this problem. (Score:5, Interesting)
Nope. Whitelisting would first of all require you to KNOW (not to assume, not to guesstimate, but to KNOW) that a given application is neither harmful (ok, that's doable to some degree, provided you invest the time, and hence money, into the whitelisting process) nor can be abused to be an infection vector. And the latter part is what makes the whole whitelisting pointless.
Would you whitelist Flash? Would you whitelist Adobe Acrobat Reader? Would you whitelist your web browser? Or your media player, your MP3 player, your word processor, your instant messenger? Of course, you would pretty much have to or your user would go ballistic on you. Is it an attack vector? Oh, one of them currently certainly is!
Whitelisting only solves the problem if you can ensure that the program you whitelist cannot be used as an attack vector. And you cannot do that unless you wrote the program yourself and thus know the way it handles user input. The moment a given program can open a file, a stream or a network connection, you open that program to user input. And that's the moment when security takes a cigarette break.
Re: (Score:3, Interesting)
Would you whitelist Flash? Would you whitelist Adobe Acrobat Reader? Would you whitelist your web browser? Or your media player, your MP3 player, your word processor, your instant messenger? Of course, you would pretty much have to or your user would go ballistic on you. Is it an attack vector? Oh, one of them currently certainly is!
A more granular white list will work. What you really need is a white list + ACE/ACL system. Symantec Endpoint Protection actually can do some of this stuff if your admin people invest enough time in writing rules. Yes you whitelist Acrobat Reader but you only allow it to open file streams to files ending in .pdf and only for read. Flash might have to play a little to get that to work, but it too could probably be sandboxed effectively. Your word processor again might need read access to files in m
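The per-application rule idea in the comment above (whitelist the reader, but only for reading files ending in .pdf), sketched as an added example that is not part of the thread and is not Symantec Endpoint Protection rule syntax. The application names, paths and policy are constructed for illustration.

```python
import fnmatch
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    app: str          # whitelisted executable (hypothetical name)
    pattern: str      # absolute path pattern, matched one component at a time
    modes: frozenset  # subset of {"read", "write"}


# Constructed policy: the reader may only read PDFs, the word processor
# may read and write .doc files, and nothing else is listed at all.
POLICY = (
    Rule("acroread", "/home/*/Documents/*.pdf", frozenset({"read"})),
    Rule("wordproc", "/home/*/Documents/*.doc", frozenset({"read", "write"})),
)


def _matches(pattern, path):
    """Match per path component so '*' can never swallow a '/'."""
    p_parts = pattern.split("/")
    f_parts = path.split("/")
    if len(p_parts) != len(f_parts):
        return False
    return all(fnmatch.fnmatchcase(f, p) for p, f in zip(p_parts, f_parts))


def decide(app, path, mode, policy=POLICY):
    """Default deny: allow only if some rule covers this app, path and mode."""
    if not path.startswith("/"):
        return False  # relative paths cannot be judged without a cwd
    # Collapse '..' and '.' before matching. This is a string model only:
    # a real enforcement point must also resolve symlinks.
    clean = posixpath.normpath(path)
    return any(
        rule.app == app and mode in rule.modes and _matches(rule.pattern, clean)
        for rule in policy
    )


def denied(events, policy=POLICY):
    """Return the (app, path, mode) events the policy refuses."""
    return [e for e in events if not decide(*e, policy=policy)]


# Constructed access attempts, as an endpoint agent might report them.
EVENTS = [
    ("acroread", "/home/alice/Documents/report.pdf", "read"),
    ("acroread", "/home/alice/Documents/report.pdf", "write"),
    ("acroread", "/home/alice/Documents/../.ssh/id_rsa", "read"),
    ("acroread", "/home/alice/Documents/invoice.pdf.exe", "read"),
    ("wordproc", "/home/alice/Documents/letter.doc", "write"),
    ("dancing_bunnies", "/home/alice/Documents/letter.doc", "read"),
]

if __name__ == "__main__":
    for event in EVENTS:
        verdict = "ALLOW" if decide(*event) else "DENY "
        print(verdict, *event)
```

This does not stop a whitelisted reader from being exploited through the file it opens, which is the parent comment's objection; it only limits what the reader process can reach afterwards.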
Re: (Score:2)
Anything sufficiently powerful to be interesting and useful is also dangerous, it's almost an inherent property.
Re: (Score:2)
Call me defeatist but I believe there is no way the whitehats can out software manoeuvre the blackhats with software only solutions.
So what do you suggest? Hardware?
The only permanent solution I can see is mass deployment of airgapped two factor tokens specifically for transaction authentication not generic OTP which the trojans are bypassing.
Oh. I was actually being sarcastic.
This won't work. The biggest reason it won't is convenience. Say one credit card company requires such a device, and another promises that they'll be liable for any damages from fraud. Which would you go to? If they both make that promise, what does the consumer gain from the device?
And even this would be spectacularly vulnerable, if you can't trust the host system through which you're accessing whatever you're accessing.
I find it increasingly difficult to justify the performance loss for running anti malware software for the ever diminishing protection offered.
I don't run it at a
Re: (Score:1)
Oh. I was actually being sarcastic.
Don't be sarcastic, didn't you know it's the lowest form of wit.
This won't work. The biggest reason it won't is convenience. Say one credit card company requires such a device, and another promises that they'll be liable for any damages from fraud. Which would you go to?
You have only given one reason and it's not a security one. I would go with the one which offered me the best security and convenience, you didn't consider the inconvenience caused by having your accounts looted which the liability doesn't cover.
If they both make that promise, what does the consumer gain from the device?
You do realise that shifting the liability onto the banks doesn't actually prevent the theft? The users still pay for it one way or another and it's not simply a matter of cost or inconvenience to the public
Re: (Score:2)
You do realize that the banks don't have liability in fraud, the merchant does? And distributions of the cost of fraud are spread equally among those who use the crazy-hard system, and those who do not? And the banks actually make money off fraud by telling the merchant to fuck off and fining them for accepting a bogus credit card?
People are the biggest
Re: (Score:2)
No one said laziness can never be solved, only that it's a security hole, which was exactly my point: Any security system has to take laziness into account. A good example of this is the Linux repository system, which has (somewhat) been adopted by Apple with the App Store -- it rewards laziness (getting your apps through a single, easy-to-use channel) with security (all apps in that channel have been vetted and signed).
Re: (Score:2)
You have only given one reason and it's not a security one.
Actually, it is. Any security system that ignores human factors will not work when used by humans, or won't be used by humans, rendering it useless.
You do realise that shifting the liability onto the banks doesn't actually prevent the theft?
No, but it places the responsibility on those who are most necessary for resolution. If the liability was entirely on the consumer, banks and merchants would have little incentive to improve security.
Now, I would much rather have a bit more shifted back to the consumer, so they paid a bit more attention to stuff like this, but that's tricky -- I have to think th
Re: (Score:2)
This won't work. The biggest reason it won't is convenience. Say one credit card company requires such a device, and another promises that they'll be liable for any damages from fraud. Which would you go to? If they both make that promise, what does the consumer gain from the device?
I'd go to the first. When a company promises it's liable for user stupidity, you pay for the stupidity of other users. Or where do you think the money to cover that liability comes from?
Re: (Score:2)
When a company promises it's liable for user stupidity, you pay for the stupidity of other users.
So you wouldn't actually compare the rates and find out if it's actually true?
Re: (Score:2)
No. Seriously. There are only four possible options for what I could find out when comparing that "covering" company vs. the one that decides not to:
First, they're more expensive to compensate.
Second, they're not more expensive and go out of business because they get drowned in the loss.
Third, they notice in time that they're too cheap to stay in business and jack up the fees to compensate.
Fourth, they hope for a bailout.
None of these options is looking good.
Re: (Score:2)
First, they're more expensive to compensate.
Could be, but you don't know this yet.
Second, they're not more expensive and go out of business because they get drowned in the loss.
Also a possibility, so long as you understand that this is an entire option. "Not more expensive" does not automatically imply "drowned in the loss."
There is a fifth possibility you missed: The "secure" version gouges their customers to compensate, and is required by law anyway to assume a fair amount of the risk. So you're paying more, getting marginally more security, at a lot less convenience. That's not a tradeoff most people find attractive.
But what I find most dis
Re: (Score:3, Insightful)
Yes, but Apple haven't solved the problem, they've merely given the user one avenue that is "probably" safer.
Anyone who has a jailbroken phone can essentially install software from anywhere, thus making them JUST as vulnerable as any Windows or Nix user.
You might as well say Apple has cured the problem of AIDS by not allowing people to have sex.
Re: (Score:1, Insightful)
The problem is that the same solution that can address the Trojan problem will make DRM impossible to get around, like trusted computing, curtained memory, etc.
Instead, what I'd like to see would be a standard for secondary access that is accepted by everyone across the board using an offline token system. The token system would allow someone to install an app on their phone (be it a WM device, Android, iPhone, or similar), or be a separate keyfob. Basically like what Blizzard offers for secondary authent
Re: (Score:1)
I'd rather have a secure computer and treat drm as a social problem.
Re:Software alone won't ever solve this problem. (Score:5, Insightful)
Partly right.
What we're essentially trying to do with malware is not unlike what some countries try to do to keep illegal immigrants out. They try to shut down the border. And you know how well THAT worked, right? It's like smashing all the windows in your home and then trying to keep the flies out.
A "total" solution does not exist, and probably never will. Whitelisting, while it would be initially quite secure, won't solve it either. Why, you ask? Because then the malware will be included in "harmless" looking programs. You will get a program that actually does what it should and contains a nifty little payload. Or, if everything fails, we'll get to see an exploit or security weakness in a program sooner or later. What? Would be detected immediately? Oh yeah, right, and that's why no consoles have ever been hacked using save game exploits. And here even EVERYONE involved in the making of the hard- and the software had the interest to NOT allow something like that to happen.
Back on topic. We're now at the point where the number of usable exploits is down to a handful, actually. There's a reason why malware creators are reaching for exploits in third party software already (btw, Adobe, get the f... off your rear and get your act together!), simply because the useable exploits in the system itself become too few and are fixed too quickly. Recently I've seen the first exploits for popular games. Script support and the general support of user created content really opens that Pandora's box. But they're still few and far between, almost all infections today happen with the consent and actual help of the user. It's social engineering, people! Not software engineering.
The biggest security problem is not in the box on the floor. It's sitting right next to it.
Re: (Score:2)
What we're essentially trying to do with malware is not unlike what some countries try to do to keep illegal immigrants out. They try to shut down the border. And you know how well THAT worked, right?
Sure, Mexico has been quite brutal, but fairly effective, at preventing illegal immigrants from the Honduras and other Latin American countries. I guess it would make sense to make the US's immigration laws more like Mexico's, after all, it can't be inhumane to treat them the way they treat immigrants to their own country!
Re: (Score:2)
It was done with users: an ordinary Unix user can't write to
Security? (Score:4, Insightful)
Re: (Score:2)
Police? They'll not provide you with any security at all. By the time the cops get involved there is already a body on the ground.
Military providing security? Like how? After US military has invaded Iraq, hundreds of thousands, if not millions of civilian Iraqis were killed. Is THAT security?
Re: (Score:3, Interesting)
It's mostly psychological.
A computer is something you use at home, at a place where you usually feel secure, safe and untouchable. Even at work you don't expect the door to be kicked open by someone grabbing your purse at gunpoint. Hence people feel safe when using their computer. And hence their guard is down.
Re: (Score:2)
My CC# isn't secure in the least, every time I use it for any purchase, I'm trusting some underpaid clerk or waiter to not steal it, but they (usually) have limited ability to profit from the theft because I would eventually notice the bogus charges (my wife checks the online statements almost nightly...)
Virus? Malware? (Score:5, Interesting)
Re: (Score:2)
That line has been blurred years ago. Hence I simply refer to the whole bunch of crap soft that does some harm to you as malware. Why bother with the distinction? Is it a virus, a worm, a trojan or an infector?
Does the user care?
No, he doesn't! He only gets confused with the amount of terms used for what is essentially the same: Software that does harm to him. "Oh, it's just a worm, phew, glad it ain't a virus, eh?" No! No, dammit! Malware, badware, whatever we call it, but let's coin ONE term for the whole
Re: (Score:1)
While I am aware that it is not always technically accurate, it has a greater emotional impact on non-technical people.
The fact is, Joe average user is much more likely to take it seriously when you say.. your computer has about 10 viruses on it.
If you tell them your computer is infected with malware, they are likely to just say "What's that?".
Re: (Score:1)
So why stay so tame?
Well ma'am, the computer-raper that you downloaded is raping your documents and your photos, and it is about to rape your financial accounts.
Re: (Score:2)
It's kind of like that saying "Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can."
Similarly, malware will expand until it is an infectious, remotely controlled rootkit that bots MMORPGs using your credit card.
Re: (Score:1)
How else can virus checker providers up-sell?
You want x-ware protection too? add $x.
Macs (Score:2, Funny)
The only solution.
'Cause nothing runs on a mac.
*gigglesnort*
How is this evolution? (Score:5, Insightful)
Re: (Score:3, Interesting)
This virus is not going to "evolve" into another form any time soon, it has simply been designed to make limited adaptations to local circumstances
That's primarily because nobody has bothered to make evolving viruses. Sure, we've made some that can change their code in order to try and avoid detection, but their "mutations" are intentionally limited because, in the end, the "intelligent designer" still wants them to continue functioning in a certain way.
Now, if you didn't give a damn WHAT your virus did as long as it continued to replicate, there's no reason why you couldn't make one that does actually evolve. Now that you've brought it up, I'm almo
Re: (Score:1)
If we found that viruses could evolve into say, GPL software or iPhone apps in order to propagate themselves, I might almost be tempted to believe in creation.
There, fixed for you
Re: (Score:2)
I tried something like that a while ago. It's interesting, do it! Maybe yours can survive. Mine didn't. :)
Re: (Score:2)
It's not so much the abuse of the word "evolution" but the tendency to completely ignore the whole process of human beings collaborating to write this code, and that's really where the story is! Having eliminated the human aspect (deanthropomorphized?) he thus imbues computer viruses with the abilities of living things, abilities that he probably doesn't really understand and I know that, as a typical reader, I have only a basic understanding of how viruses work.
I know editors want to dumb this stuff down,
Ya Ya Ya... (Score:2)
But is it GPL?
Macro 101 (Score:1)
Dino
The code looks more like someone was juggling Swiss Army Chainsaws.
Making stupid boxes... (Score:5, Interesting)
... It might be time for the OS to compartmentalize the browser to have the net enclosed from the main system within a virtual machine. This way even if the "computer" were infected by malware it would disappear when the VM was closed down, also a whitelist of Executables on the host machine would go a long way to stopping malware and the permanent logging/monitoring of executables or dlls being loaded that are unrecognized so they can be analyzed.
Re: (Score:2)
Which is fine and dandy except....
Re: (Score:2)
If you want to "protect yourself" when doing something unusual and risky, then a VM can be like using a condom... it diminishes the spontaneity of the act, and provides
Impressive summary (Score:3)
A summary that mentions "evolving" and "intelligent design" in the same sentence?
Now that really is impressive (and guaranteed to upset both Darwinists and Creationists at the same time)
Boffo! A good one!