Joanna Rutkowska ," detecting file infections was a waste of time".

Check out this blog here by Joanna Rutkowska
http://theinvisiblethings.blogspot.com/
and the followup news.
http://www.securitypronews.com/insi...-49-20070905RutkowskaMcAfeeSparringAgain.html

 

Well, most of what we deal with today are not infected executables. Its more like Trojan down loaders delivered either through an intentional package like some free screen saver, or via a browser vulnerability using a hacked web site. Same goes for boot sector viruses. The term virus may be obsolete as most malware is non replicating. Delivery is accomplished by means other than the malware package itself. We are also in an age where distinguishing spyware from more malicious forms of malware is getting more difficult. This leaves me somewhat uncomfortable with the idea that separate apps should deal with spyware and the stuff that is worse, as in setting up bot networks and loading key loggers. Perhaps Symantec has a good idea with its Anti-Bot product (if it works).

 

Actually the number of file infectors is increasing. They are usually harder to detect and also harder to remove.

 

How do you know this?

 

Hello,

He's in the know.

But I agree with detection being ... futile. Human mind can only work to the limits of its own exploits. Beyond that, no software can help.

If something is wrong, good, but if something is good, what then? How far do we trust ourselves, the scanners, the distributor, the vendor etc...

It comes down to a simple principle: if in doubt, there's no doubt.
If you gonna run it, run it, no reason to scan... just prolong the suffering.

Mrk

 

I can understand that AV companies are not going to find a solution that will stop viruses forever or at least that they are not going in that direction.

But... we have the same situation in health, big drug companies are blocking ideas that could stop disease...

 

Every now and then someone says the ISP's should identify all the Bots and shut them down until fixed. However, they can't charge for service during the shutdown, so don't expect the ISP's to leave that revenue on the table.

 

I was never afraid of trojans, backdoors and mumbo jumbo mass mail worms, but i still have plenty of respect to real viruses. What would you be more afraid of a regular headache (mass mail worms) or parasitic virus (file infectors)?
I can spot that regular junk bilions of miles ahead. But you can't spot file infector without checking file content. It can be any executable, legit or not, from known vendor or not. It can be made by Symantec and just passed through infected PC and next user has no chance of spotting anything suspicious about it even though it's actually infected.

 

I agree with you, RejZoR. File infectors and macro viruses are difficult to spot (from the point of view of an average or above-average user like me). Other kinds of malware are easily avoided with safe computing + common sense.

 

no offense to the original poster (of this thread ), he didnt write it.

but this article was a 'waste of time'

 

@C.S.J

If you are trying to say that the blog writer didn't write it then maybe you missed this part:

So, do I want to say that all those years of A/V research on detecting file infections was a waste time? I’m afraid that is exactly what I want to say here.

AFAIK Joanna Rutkowska is a clever lady who knows how to grab attention. Her blue pill was overrated and the answers she gave to the challanges were really laughable.

Again if you see her blog (with comments), you'll find Vesselin Bontchev cleared up her confusion nicely but she just didn't acknowledge it. This is one of the many reasons I like forums like this more than a blog (unless of course if it belongs to someone respectable).

 

nope i meant the original poster of this thread.

 

Oh sorry.

 

I could not think of any other thread heading. Sorry about that.

 

I just saw an article over at Neowin about an Ebay bot net attack that was being delivered by compromised websites. So far as I can tell, this is one of the main methods of infiltration today.

Someone please explain to me why infected files are so important when compromised websites and trojan loaded crapware are so common today. I get the feeling someone is worrying about a technical or theoretical problem when the real deal is 10 or 100 times worse.

 

Just password-protect your whole OS with your own program in BASIC, C++ or one you can buy, and ditch your AV, SSM, firewall, etc. This "ZERO DAY" BSola is like a broken record. But Opera is still faster that IE!

Dave
One of the VERY few people who knows why C, C+ and C++ are so-called!

 

I don't think there is a C+ programming language, so yes you are amoung the "VERY few". There is a C+- though

Also, how would password protecting your drive do anything for you, a virus can still delete and corrupt password protected files. In addition, getting rid of a firewall while still having open ports with services listening on them that you did not explicitly enable and ensure the security of is not a good idea.

As to protection, I would always say backups are the best solution, such as to a tape or usb drive. That way if you are hit, it takes little time to come up to a pristine state without having to worry whether or not the infection was actually taken care of.

Cheers,

Alphalutra1

 

Indeed there is a C+ programming language, and password protection is an effective alternative to AVs, HIPS, etc. Just email the guys at LLNL.gov or PDG.gov, and tell them Dave sent you! The whole password protection idea -- properly implemented -- secures both user/client/net interface/internet by password protocol. Does that make sense? Or am I obfuscating the obvious? I don't always explain things well.


Dave

 

Hello,
Do explain again.
Mrk

 

Okay. For anyone who or anything that wishes to access my PC, a password is needed. The password changes pseudorandomly and can be seen only by me. If I deny entrance, the file is deleted or the intruder is denied entrance. If I download something which might be viral or potentially destructive and if I wish to install it, my password system informs me of each act being performed and I must afford it my approval at each step of istallation by a password which shall change several times before any other change by installation occurs. No one, no program can read the passwords which resides on a drive run by The Edinburgh-Cambridge LCF three-teir platform and is echoed to a "dummy" second monitor which cannot be recognized by Windows, Linux, etc.

Was that okay?

Dave

 

That system would have a usability rating of "well below zero".

"each act being performed", like each file copied? each registry entry set?

right.... as if anyone would actually start entering 3278 pseudorandom passwords to install open office (default install, not counting temp files)...

you'D probably have to enter a few hundred passwords just to boot the damn thing

even if that wouldn't be an issue, such as system basically implements no help to a user at all, since he's the one who has to make each and every decision (good or bad).

 

Lack of critical thinking and erroneous statements on both counts. AV companies will increase profits if they develop something that works. As to drug companies, they also profit greatly if they find a disease stopper.

 

okay, I have searched google, and I cannot find one. Maybe I am lacking something in search skills. There is a C+@, which was originally calico, maybe that is what you are thinking of? Please provide a link because I am interested in learning more.

Wow, that method is pretty horrible in terms of usability and ability to implement. I don't think it will catch on, ever, if you ask me I think I will stay with my current setup right now, I don't think I will get infected for a while (malware writers will need to start writing some more things and releasing them into the wild for my OS before I begin to worry, and even then, I think there are much more pressing security matters)

Cheers,

Alphalutra1

 

C = pretopos semantics of programming languages
C+ = separated presheaf semantics of programming languages
C++ = full topos semantics = full sheaf semantics of programming languages = typed logic based on equality
LCF -- if you'll read my post (!) -- is logic for computable funtionals, which handles all the work on another drive. The system works very well! Ask the guys at NASA.gov, LBL.gov., LLNL, etc. Be sure to tell them that Dave sent you!

Dave