26 April 2005

Malware: Defending the difference

As at April 2005, we see malware as being of two different types:
  • Traditional malware (worms, viruses, trojans) that have unbounded malicious potential, and which should be tackled formally (i.e. without running the OS they infected)

  • Commercial malware (spyware, adware, dialers, various revenue-redirection scams) that have to curb abusive behavior so their creators can plausibly deny malware status, and which are thus safe to tackle from within the infected OS

This difference is maintained only through legal challenge; it is not a boundary that can be defended technologically. And this is where we are asleep at the wheel.

Currently, several commercial malware push the envelope:
  • Clickless attack through software defects, e.g. Java exploits
  • Active in Safe Mode
  • Resist termination of in-memory threads
  • Resist or DoS anti-malware removal tools

We have yet to see destructive payloads or peer-to-peer spread, but in most other respects the boundary is blurring, and the time is near when we will need formal tools to clean up commercial malware. We are ill-prepared even for traditional malware: the de facto maintenance OS for NTFS-bound XP is a free download that could vanish in a fit of vendor licensing pique, and AV tools that run on it are rare and costly, reflecting the FUD and financial risk that developers must face here. There are no mOS-ready scanners for commercial malware as yet.
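The "formal" approach argued for above means inspecting the infected volume from a maintenance OS without ever executing anything on it. As an added illustration (not code from the original post, and not any vendor's scanner), the script below walks a mounted volume, hashes every file, matches digests against a known-bad list, and separately lists whatever sits in the per-user XP Startup folders for review. The sample volume, its file contents and the "known bad" digests are all constructed inside the script so it runs offline; a real tool would read signatures from a maintained database and would also inspect the offline registry hives.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# XP-era per-user Startup folder, relative to the mounted volume root.
STARTUP_GLOB = "Documents and Settings/*/Start Menu/Programs/Startup/*"


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def offline_scan(volume_root: Path, known_bad: Dict[str, str]) -> List[dict]:
    """Scan a mounted (not booted) volume for files whose digest is in known_bad.

    Nothing found on the volume is executed, so the infected OS gets no chance
    to hide files, kill the scanner, or resist termination: that is the point
    of doing the cleanup from a maintenance OS.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(volume_root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink():          # never follow links off the volume
                continue
            try:
                digest = sha256_file(p)
            except OSError:             # unreadable file: skip, do not abort the scan
                continue
            if digest in known_bad:
                findings.append({
                    "path": p.relative_to(volume_root).as_posix(),
                    "sha256": digest,
                    "name": known_bad[digest],
                })
    return sorted(findings, key=lambda f: f["path"])


def startup_entries(volume_root: Path) -> List[str]:
    """List files in every user's Startup folder; each one deserves a look."""
    return sorted(p.relative_to(volume_root).as_posix()
                  for p in volume_root.glob(STARTUP_GLOB) if p.is_file())


def build_sample_volume():
    """Constructed stand-in for a mounted XP volume (hypothetical contents)."""
    root = Path(tempfile.mkdtemp(prefix="xpvol_"))
    files = {
        "WINDOWS/system32/notepad.exe": b"MZ benign sample, constructed",
        "WINDOWS/system32/drivers/adloader.sys": b"MZ constructed bad sample A",
        "Documents and Settings/Alice/Start Menu/Programs/Startup/dialer.exe":
            b"MZ constructed bad sample B",
        "Documents and Settings/Alice/My Documents/notes.txt": b"plain text",
    }
    for rel, data in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    # Constructed signature list: digest -> detection name.
    known_bad = {
        hashlib.sha256(b"MZ constructed bad sample A").hexdigest(): "Sample.AdLoader",
        hashlib.sha256(b"MZ constructed bad sample B").hexdigest(): "Sample.Dialer",
    }
    return root, known_bad


if __name__ == "__main__":
    vol, sigs = build_sample_volume()
    for hit in offline_scan(vol, sigs):
        print(f"{hit['name']:16} {hit['path']}")
    print("Startup entries:", startup_entries(vol))
```

Run it against a real volume by pointing `offline_scan` at the mount point of the NTFS partition (read-only mount recommended) instead of the constructed tree; the Startup listing is a manual-review aid, not a verdict.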

As long as the legal climate allows vandalism in the name of commerce, we can expect the boundary between commercial and traditional malware to be poorly defended. As technologists, we should get our tools ready; the need may soon be at hand.

4 comments:

Drunk Girl said...

Hi, what a great page! Really enjoyed it, keep up the great work!
cool spy gadget

swissred said...

spyware adware removal is a hot topic these days, and I'm glad you posted this adware related message on your blog; maybe you'll find more info for your next posts on my adware specialized website. Feel free to grab what you need.

swissred said...

I'm an adware expert, owner of a free adware resource. I'm happy bloggers like you are starting to cover this hot topic. Feel free to get any info from my website for your blog!

freestuff2 said...

You have a nice blog here. Did you know there is a 90% chance that your computer has adware or spyware on it right now!

Spyware and Adware viruses have rapidly become the number one threat to your computer with over 90% of computers already infected. These include trojans, bugs, ad serving software, monitoring software and more.
I also have an adware scan site-blog. It can help you find and get rid of spyware, adware plus other stuff on your computer for good. Free downloads.
You should check it out if you get the time!