More Calls For Behavior-Based Virus Fighting

from the of-course dept

It's no surprise to see this article so soon after such a major virus outbreak. People are wondering, yet again, how come our anti-virus systems work in a reactive way - after discovering a virus, pushing out an updated virus definitions file to protect subscribers. The problem, of course, is that this only happens well after the virus is in circulation. So, once again, we get calls for more pro-active, behavior-based anti-virus protection. Since the last big virus outbreak, a few such products have started appearing on the market. Though the initial offerings are mostly focused on enterprise users, they're likely to trickle down pretty rapidly. Still, I stand by my earlier prediction that behavior-based virus fighting will have unintended consequences. First, it will end up blocking/stopping certain legitimate behaviors that the system interprets incorrectly as virus activity. Second, it will just encourage virus writers to adapt and start writing viruses that piggyback on legitimate uses in order to sneak past the filters. It's pretty clear that current anti-virus methods aren't working, but behavior-based anti-virus fighting may not be the best solution either.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Matt, Jan 30th, 2004 @ 5:34am

    No Subject Given

    in any case I would think that most antivirus companies faced with:
    a) write whizzbang software that solves all virus problems forever
    or
    b) have a tasty monthly revenue from people downloading updates to signature files
    are going to go with b) even if a) were possible

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    aNonMooseCowherd, Jan 30th, 2004 @ 7:47am

    mind-reading virus detection

    "Behaviour patterns"? I supposed he would treat any program that deletes files as a virus because that's one behavior of a virus. Sounds like he's asking for software that can read minds.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Mikester, Jan 30th, 2004 @ 10:26am

    Not likely

    I would imagine in order for this to work, the AV software would have to reverse-engineer in some way each attachment/software/file passing under it's nose in order to see what the intentions are. That's probably a big no-no under the DMCA and would surely be challenged in court by someone very quickly.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This