Search Engine For Criminals >>
<< Teen Scammer Caught Again
 tdicon 


Overhype

by Mike Masnick

Fri, Jan 30th 2004 1:46am





More Calls For Behavior-Based Virus Fighting

from the of-course dept

It's no surprise to see this article so soon after such a major virus outbreak. People are wondering, yet again, how come our anti-virus systems work in a reactive way - after discovering a virus, pushing out an updated virus definitions file to protect subscribers. The problem, of course, is that this only happens well after the virus is in circulation. So, once again, we get calls for more pro-active, behavior-based anti-virus protection. Since the last big virus outbreak, a few such products have started appearing on the market. Though the initial offerings are mostly focused on enterprise users, they're likely to trickle down pretty rapidly. Still, I stand by my earlier prediction that behavior-based virus fighting will have unintended consequences. First, it will end up blocking/stopping certain legitimate behaviors that the system interprets incorrectly as virus activity. Second, it will just encourage virus writers to adapt and start writing viruses that piggyback on legitimate uses in order to sneak past the filters. It's pretty clear that current anti-virus methods aren't working, but behavior-based anti-virus fighting may not be the best solution either.

3 Comments | Leave a Comment..


If you liked this post, you may also be interested in...
 

Reader Comments (rss)

(Flattened / Threaded)

  1.  

    No Subject Given

    identicon
    Matt, Jan 30th, 2004 @ 5:34am

    in any case I would think that most antivirus companies faced with:
    a) write whizzbang software that solves all virus problems forever
    or
    b) have a tasty monthly revenue from people downloading updates to signature files
    are going to go with b) even if a) were possible

    reply to this | link to this | view in thread ]

  2.  

    mind-reading virus detection

    identicon
    aNonMooseCowherd, Jan 30th, 2004 @ 7:47am

    "Behaviour patterns"? I supposed he would treat any program that deletes files as a virus because that's one behavior of a virus. Sounds like he's asking for software that can read minds.

    reply to this | link to this | view in thread ]

  3.  

    Not likely

    identicon
    Mikester, Jan 30th, 2004 @ 10:26am

    I would imagine in order for this to work, the AV software would have to reverse-engineer in some way each attachment/software/file passing under it's nose in order to see what the intentions are. That's probably a big no-no under the DMCA and would surely be challenged in court by someone very quickly.

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>


Search Engine For Criminals >>
<< Teen Scammer Caught Again
 tdicon 

A word from our Sponsors...
Follow Techdirt
Flattr rss rss

Powered by Postrank

From the Techdirt Archive...
A word from our Sponsors...

Close

Email This