Read this a couple of times, than read it several more times, and repeat. It's usually "powerful stuff" that prompts such confusing descriptions of what sound like defense in-depth at one point, and a combination of intergalactic security statements in respect to the "massive amounts of computing power required" to solve the "security problem" at another. Stop predicting weather and assessing the impact of global warming, and command the supercomputers to figure our the scientific mysteries behind common insecurities :
"Even if we can't produce effective network security, we can at least make it more difficult and therefore expensive to attack a network by adopting some of the hacker's own techniques. He favors randomizing the use of a number of techniques for filtering content, so that individual malware vectors will sporadically stop working. By changing the challenge involved in compromising systems, the whole malware economy is changed. Stolfo also took a positively Darwinian view of how much change was needed, suggesting that security only had to be good enough to make someone else's system look like a more economical target. Overall, the talks were pretty depressing, given that the operating systems and software we rely on will probably never be truly secure. The process of blocking malware that takes advantage of this insecurity appears to be entering the realm where true security has become one of those problems that requires massive amounts of computing power and an inordinate amount of time."
The operating systems and the software we use can be truly secure, but will be useless compared to the currently insecure, but useful ones we're using. Now here's a great and straight to the point article, that's segmenting the possible uses of a host that's already been compromised, a great example of how innovations in terms of improved Internet connectivity, increased CPU power, and flexibility of online payments both steamline progress, and contribute to the growth of the underground.
Beat malware by doing what malware authors do? Sounds great. Malware authors outsource, do it too. Malware authors embraced the on demand SCM concept, embrace it too. Malware authors consolidate with stronger strategic partners, and acquire the weaker ones by providing them with DIY malware creation tools in order for them to make the headlines at a later stage, consolidate too. Malware authors keep it simple the stupids, you fight back with rocket science theoretical models and shift the focus from the pragmatic reality just the way it is - consolidation, outsourcing, shift towards a service based economy, quality and assurance of the malware releases, malicious economies of scale in the form of malware exploitating kits, ones it's getting hard to keep track of these days.
At the bottom line, how to solve the "malware problem"? It all depends on who you're solving it for. Long live marginal thinking.
Related posts:
Malware - Future Trends, January, 2006
Underground Economy's Supply of Goods and Services
The Dynamics of the Malware Industry - Proprietary Malware Tools
Managed Spamming Appliance - The Future of Spam
Multiple Firewalls Bypassing Verification on Demand
No comments:
Post a Comment