Interesting People mailing list archives
more on This worries me-- should I be djf Network Inoculation: Antivirus shield would outrace cyber infections
From: David Farber <dave () farber net>
Date: Wed, 7 Dec 2005 18:43:46 -0500
Begin forwarded message:

From: Brad Templeton <btm () templetons com>
Date: December 7, 2005 6:34:21 PM EST
To: David Farber <dave () farber net>
Cc: kadawson () mac com
Subject: Re: [IP] This worries me-- should I be djf Network Inoculation: Antivirus shield would outrace cyber infections

There are a number of significant issues with such approaches, though they
are not meritless.

a) Many virus writers do so for jollies. They like the challenge of deploying a virus, doing something that consequential, that clever. Raising the bar partway to get in deters only the least skilled of such virus
writers; it actually encourages them.

So should we just forget about defence? Alas, many other virus writers have other motives, like taking over zombies to send spam. So we must improve defences but the best way
to do it is to secure applications.

In this case, the first thing an attack will do is disable the countermeasure
system on the computer, so that the cure can't arrive.

b) As you worry, it's entirely possible the network that spreads the countermeasures could be suborned to carry a nastier infection. A retrovirus of sorts, like HIV going after the immune system.

c) There are several kinds of virus/worms out there. There are those that use a protocol vulnerability to invade a system without human intervention, and then spread from there. These can, it's been demonstrated, take over all the vulnerable machines in the world in a matter of seconds. Human analysis is impossible. Automatic detection of such attacks with automatic generation of a cure is an AI level task. Particularly when the attacks learn the algorithms used for detection and the communication of prevention instructions.

It is possible to tell other machines to turn off the internet for a few minutes while human beings look at the problem as quickly as they can. One hopes this would not have to happen too often!

d) Another type of attack uses social engineering to get users to execute code that should not be trusted. I.e. the e-mail worm. Such attacks are slower, and can be caught and examined by humans, and broadcast in time. This feature makes sense.