Monday, February 13, 2006

Digital Security Seminar: Optimising Malware

Optimizing Malware (abstract) doesn't sound like something one would really want to do as a "good guy" in computing, and really, it isn't. In fact, this paper (or at least the associated talk which I attended) is more about developing a set of metrics to see how optimized a given piece of malware is for its purpose. Measurements make it easier to compare things, and goodness knows malware (viruses, spyware, worms, etc.) has a ways to go in efficiency, and it could be useful to be able to put them on a scale and see if there are any trends.

Dr. Fernandez actually stood up and said, up front, that there was nothing particularly new here, just a nice organization of existing knowledge about the ways in which malware is typically not good software.

That malware contains horrible code is no surprise to most people who've looked at virus code, but I find a lot of people are shocked the first time they find out how utterly inefficient and buggy some viruses are. (Mind you, people are also shocked when they find out you can just read virus code without getting a virus, so what can I say?) If you're interested, read up on the evolution of Code Red for a nice example of buggy virus code (and how it's still causing problems world-wide). Also, read up on the Morris/Internet worm if you're curious about more advanced virus technology. Yes, that's right, the first Internet worm contains stuff rarely seen in more recent viruses. (I have good academic papers on these subjects, but I don't seem to have links handy right now, so try Wikipedia or something.)

The point is, it's known that current malware is not terribly efficient and could be much better. Dr. Fernandez suggested that his metrics could eventually be used for security types to make guesses about more advanced malware so that we could build more advanced systems. And here's where the most interesting question of the talk came up: why?

Current malware, as inefficient as it is, isn't being perfectly handled. We haven't built any perfect virus scanners yet. Why push towards problems that don't yet exist when we can't solve those that do?

There's always the "So we're prepared for the future!" argument towards doing co-evolution by yourself (as in, trying to evolve both sides on your own), but, well, I have to admit that as fun as academic thought-exercises are, the person who asked the question has a point about how it might be better to use our combined brain power to solve real-world problems rather than spending time making up ones that don't yet exist.

All in all, though, an interesting talk, and a potentially useful way to look at malware.