Next-gen viruses need next-gen responses

Leader ZDNet.co.uk

Published: 21 Mar 2005 13:35 GMT

Evolution is a powerful idea. It predicts that as an environment changes, the organism that best adapts will be the most successful. This should be warning enough for the writers of malware security software to stay alert — and already, the next generation of hostile software is proving more intelligent than the last.

There have been no major Slammer-type global outbreaks of rapidly spreading, destructive viruses since last May, but that's no cause for celebration. With big money behind them, the virus writers are turning to new and more subtle ideas and are learning to evade removal. This matches what parasitologists have long known: successful parasites do not kill their hosts. But they can do a great deal of harm.

Researchers say that small-scale deployments of extremely stealthy viruses are regularly observed, infecting a thousand or so computers — not enough to justify the time of the overworked signature writers at the major software companies, but enough to harvest plenty of passwords and other personal information.

That level of penetration is also enough to test the limits of other kinds of malware detectors, such as heuristic software that tries to stop malevolent code by analysing what it does rather than what it is. Each unstopped virus produces valuable information for use in the next, even better variant — and with each new one, the advantage slips more to the attackers.

There are many other problems in malware security. Why do we need to run two or three or four separate products — often inclined to fight one another — just to be confident of protection? Every major IT company with a security lab has interesting and potentially vital new ideas, but sees them primarily as profit opportunities. This is not wise.

We must be better evolved. Researchers must co-operate more, so that resources can be used to track down and eliminate even the craftiest slow burner of a virus. Microsoft may care to reflect on its role and responsibilities here. There is a good case for splitting up research and commercialisation too, with malware information made as widely available as possible. Where is the open XML standard for virus description?

Treating malware as a commercial opportunity is short-sighted and dangerous. It is primarily a matter of public IT health. Our experiences in biology should inform our decisions in technology: there'll be plenty of chances to make money, even with openness and cooperation. We can evolve to do this, but we have to stay alive first.
