Overhype

by Mike Masnick




More Calls For Behavior-Based Virus Fighting

from the of-course dept

It's no surprise to see this article so soon after such a major virus outbreak. People are wondering, yet again, why our anti-virus systems work in a reactive way: after a virus is discovered, an updated virus definitions file is pushed out to protect subscribers. The problem, of course, is that this only happens well after the virus is in circulation. So, once again, we get calls for more proactive, behavior-based anti-virus protection. Since the last big virus outbreak, a few such products have started appearing on the market. Though the initial offerings are mostly focused on enterprise users, they're likely to trickle down pretty rapidly. Still, I stand by my earlier prediction that behavior-based virus fighting will have unintended consequences. First, it will end up blocking or stopping certain legitimate behaviors that the system incorrectly interprets as virus activity. Second, it will just encourage virus writers to adapt and start writing viruses that piggyback on legitimate uses in order to sneak past the filters. It's pretty clear that current anti-virus methods aren't working, but behavior-based anti-virus fighting may not be the best solution either.


Reader Comments

  • Jan 30th, 2004 @ 5:34am
  • No Subject Given

    by Matt

    In any case I would think that most antivirus companies faced with:
    a) write whizzbang software that solves all virus problems forever
    or
    b) have a tasty monthly revenue from people downloading updates to signature files
    are going to go with b) even if a) were possible


  • Jan 30th, 2004 @ 7:47am
  • mind-reading virus detection

    by aNonMooseCowherd

    "Behaviour patterns"? I supposed he would treat any program that deletes files as a virus because that's one behavior of a virus. Sounds like he's asking for software that can read minds.


  • Jan 30th, 2004 @ 10:26am
  • Not likely

    by Mikester

    I would imagine in order for this to work, the AV software would have to reverse-engineer in some way each attachment/software/file passing under its nose in order to see what the intentions are. That's probably a big no-no under the DMCA and would surely be challenged in court by someone very quickly.

