Monday, December 31, 2007

Herd Intelligence Against Internet Malware

Hi folks,
today I want to point out this paper on InfoWorld about herd intelligence. As everybody knows, polymorphic worms can easily change from machine to machine, making life hard for antivirus companies. Antivirus and anti-malware products are often based on signature "fingerprints", and for that reason it is still easy to bypass them. In this paper the author describes how the companies want to solve this problem using herd intelligence. Who is the herd? We are, of course! Yes, companies are thinking of using their clients' computers to collect new malware, new virus signatures and so on.


The idea is simple, according to the analyst. If attackers are going to attempt to create different attacks for nearly every individual user, then security software vendors must use their customers' machines as their eyes and ears for discovering and addressing those variants. (from site)


Well, this is an interesting (possible) solution to the problem, but what I still can't understand is why companies are fixated on fingerprint technologies. Using fingerprints means running after malware, not preventing it and certainly not blocking it. What I keep asking myself is: why don't antivirus companies use behavioral detection techniques? There is a lot of research on dynamic malware detection based on API sequences and on data flows that, if well implemented and well planned, can really improve malware prevention. Why don't companies invest in this "paradigm shift" rather than turning clients' computers into herd guinea pigs?
I'm pretty sure that it will be cheaper, because building a herd of client computers means writing more client-side agents as well as rewriting the detection software. Moreover, building a herd means teaching people to understand it, teaching computer technicians to repair the new systems, trying to persuade people that the new agent sends only malware information and not sensitive information, and so on.
Another problem comes from the trusted computing field. How can we know that the new agents installed on our machines are safe? Again, how can we know that this software doesn't send sensitive and/or private information to the antivirus company? How can we assume that the antivirus company has good intentions?

If we take the Diebold company and its voting machines as an example, it's pretty easy to understand that these assumptions are really too strong in the Internet era.
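
The contrast drawn above between fingerprint matching and behavioral detection on API sequences, as an added example (not taken from the InfoWorld article or from any vendor's product). The sample bytes, API traces, n-gram size and 0.5 threshold are all constructed for illustration.

```python
import hashlib

# Constructed stand-ins for a known sample and a per-machine mutated variant.
KNOWN_BYTES = b"constructed-sample-body-v1"
VARIANT_BYTES = b"constructed-sample-body-v2-with-padding"
BENIGN_BYTES = b"constructed-benign-tool"

# Constructed API call traces as a sandbox or host agent might record them.
KNOWN_TRACE = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
               "CreateRemoteThread", "RegSetValueExA"]
# Same behaviour, different bytes, with unrelated calls interleaved.
VARIANT_TRACE = ["GetTickCount", "OpenProcess", "VirtualAllocEx",
                 "WriteProcessMemory", "CreateRemoteThread", "Sleep",
                 "RegSetValueExA"]
BENIGN_TRACE = ["CreateFileA", "ReadFile", "CloseHandle",
                "RegOpenKeyExA", "RegQueryValueExA", "RegCloseKey"]

def fingerprint(sample_bytes):
    """Classic signature: a hash of the file contents."""
    return hashlib.sha256(sample_bytes).hexdigest()

def ngrams(trace, n=3):
    """Set of consecutive n-call windows in an API trace."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}

# What the detector "knows": one hash and one behavioural profile.
SIGNATURE_DB = {fingerprint(KNOWN_BYTES)}
BEHAVIOUR_PROFILE = ngrams(KNOWN_TRACE)

def behaviour_score(trace, profile=BEHAVIOUR_PROFILE, n=3):
    """Fraction of the known profile's n-grams that appear in this trace."""
    return len(ngrams(trace, n) & profile) / len(profile)

def classify(sample_bytes, trace, threshold=0.5):
    """Return the verdict of each detection style for one sample."""
    return {
        "signature": fingerprint(sample_bytes) in SIGNATURE_DB,
        "behaviour": behaviour_score(trace) >= threshold,
    }

if __name__ == "__main__":
    for name, body, trace in [("known", KNOWN_BYTES, KNOWN_TRACE),
                              ("variant", VARIANT_BYTES, VARIANT_TRACE),
                              ("benign", BENIGN_BYTES, BENIGN_TRACE)]:
        print(name, classify(body, trace))
```

The mutated variant misses the hash lookup but still shares two of the three known call windows, so only the behavioral check flags it.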
