ITworld: Looking for malware in all the wrong places?

/Home/Internet Security: Articles/Internet Security: ITworld/ITworld: Security

By Markus Jakobsson
March 15, 2010

Anti-virus products scan for malware in two ways. They look for sequences of bits that are found in programs that are known to be bad (but which are not commonly found in good programs). And they run programs in sandboxes and look for known malicious actions. The first approach only catches known malware instances, while the second can also catch variants of these. Still, many malware agents slip through the cracks undetected... until the rules of the anti-virus programs are updated, that is. It is a constant battle between the attackers and the defenders.

Instead of looking for known patterns -- whether of instructions and data, or of actions -- wouldn't it be great if we could look for anything that is malicious? That may sound like a pipe dream.

Not to me.

Let me tell you why. But first, let's agree about some things.

Click the URL above to read the full article