more on This worries me-- should I be djf Network Inoculation: Antivirus shield would outrace cyber infections

[David Farber <dave () farber net>]

Begin forwarded message:

From: Brad Templeton <btm () templetons com>
Date: December 7, 2005 6:34:21 PM EST
To: David Farber <dave () farber net>
Cc: kadawson () mac com
Subject: Re: [IP] This worries me-- should I be djf Network  
Inoculation: Antivirus shield would outrace cyber infections


There are a number of significant issues with such approaches, though  
they
are not meritless.


a) Many virus writers do so for jollies.  They like the challenge of
deploying a virus, doing something that consequental, that clever.
Raising the bar partway to get in deters only the least skilled of  
such virus
writers, it actually encourages them.   So should we just forget about
defence?  Alas, many other virus writers have other motives, like taking
over zombies to send spam.   So we must improve defences but the best  
way
to do it is to secure applications.

In this case, the first thing an attack will do is disable the  
countermeasure
system on the computer, so that the cure can't arrive.

b) As you worry, it's entirely possible the network that spreads the
countermeasures could be suborned to carry a nastier infection.  A
retrovirus of sorts, like HIV going after the immune system.

c) There are several kinds of virus/worms out there.  There are those
that use a protocol vulnerability to invade a system without human
intervention, and then spread from there.   These can, it's been
demonstrated, take over all the vulnerable machines in the world in
a matter of seconds.  Human analysis is impossible.  Automatic detection
of such attacks with automatic generation of a cure is an AI level
task.   Particularly when the attacks learn the algorithms used for
detection and the communciation of prevention instructions.

It is possible to tell other machines to turn off the internet for
a few minutes while human beings look at the problem as quickly as they
can.  One hopes this would not have to happen too often!

d) Another type of attack uses social engineering to get users to
execute code that should not be trusted.   Ie. the E-mail worm.
Such attacks are slower, and can be caught and examined by humans,
and broadcast in time.   This feature makes sense.




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/