A race to the finish: Malware against Cyber crime fighters – who will win?
Methodical criminals, largely based outside of the United States and Western Europe, are automating the creation and modification of new viruses, making it possible to toss out thousands of variations of the same virus every few hours in an attempt to stay a step ahead of the anti-virus firms.
Today's cyber criminals are endlessly updating the malware they have managed to install on victims' computers, replacing older malicious files with new ones in an attempt to keep them hidden.
This scheme has had a profound impact on the daily operations of anti-virus companies. The industry has conventionally fought malware by maintaining large libraries of digital genes known as "signatures": tiny scraps of computer code pulled from known viruses and worms. Under this method, if the anti-virus software spots a match between a virus signature in its database and a segment of code in the user's downloaded file or e-mail, the security software warns the user that the program is malicious and attempts to block it from gaining traction on the system.
Malware writers are gradually taking steps to ensure that computers infected with their creations stay infected. In the past, no matter how fast an anti-virus product shipped updates to detect the most recent malware, most anti-virus software would eventually sound the alarm if a virus managed to slip past its initial defenses.
The large volume of malware that anti-virus firms process each day has made it virtually impractical for those companies to create individual signatures for each new specimen. The anti-virus firms have instead been forced to invest heavily in methods and technologies for automating the analysis of new malware.
The automation involves creating more generic signatures capable of detecting a larger range of malicious files. That approach relies less on distinguishing any telltale code fragment than on identifying a suspicious type of behaviour or an overall likeness to a well-known family of malicious software.
This method has its inadequacies. First of all, employing more generic detection methods can lead to a great number of false alarms, wherein innocent files are mistaken for viruses. These kinds of errors can be tremendously disruptive for customers, and they have become more common as anti-virus makers have increased their reliance on generic detection methods.
All anti-virus companies maintain comprehensive lists of known "good" files against which to test their daily anti-virus updates and avoid false alarms, yet many times those tests are never conducted. Sometimes the update is released without these scans being performed, putting users at high risk of damaging their running, non-infected systems. A handful of these so-called false positives have had a fairly broad impact on customers.
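To make the three ideas above concrete (an exact signature that a one-byte variant slips past, a generic family signature that catches the variant but also an innocent file, and the known-good list that prevents that false positive), here is an added example written for this page; it is not code from any anti-virus product, and the "files", signatures and hashes in it are constructed byte strings, not real malware.

```python
import hashlib
import re

# Constructed sample "files" for illustration only; none of these is real malware.
ORIGINAL_VARIANT = b"PUSH 0x10; CALL decode_payload; MOV r1, 0x41; JMP start"
NEW_VARIANT = b"PUSH 0x10; CALL decode_payload; MOV r1, 0x7f; JMP start"  # one operand changed
BENIGN_TOOL = b"PUSH 0x10; CALL decode_payload; MOV r1, 0x41; RET"  # legitimate program, shared idiom

# Exact signature: a byte fragment pulled from ORIGINAL_VARIANT.
EXACT_SIGNATURES = [b"MOV r1, 0x41; JMP start"]

# Generic signature: a pattern describing the family's behaviour, with a wildcard operand.
GENERIC_SIGNATURES = [re.compile(rb"CALL decode_payload; MOV r1, 0x[0-9a-f]{2};")]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Known-good allowlist: hashes of files that must never be flagged (the QA check the text describes).
KNOWN_GOOD_HASHES = frozenset({sha256(BENIGN_TOOL)})


def exact_only(data: bytes) -> bool:
    """True if an exact signature matches; a one-byte change in the sample evades this."""
    return any(sig in data for sig in EXACT_SIGNATURES)


def scan(data: bytes, known_good=frozenset()) -> str:
    """Return a verdict for one file, consulting the known-good list before any signature."""
    if sha256(data) in known_good:
        return "clean (known good)"
    for sig in EXACT_SIGNATURES:
        if sig in data:
            return "malicious (exact signature)"
    for pattern in GENERIC_SIGNATURES:
        if pattern.search(data):
            return "malicious (generic signature)"
    return "clean"


if __name__ == "__main__":
    samples = [("original", ORIGINAL_VARIANT), ("new variant", NEW_VARIANT), ("benign tool", BENIGN_TOOL)]
    for name, blob in samples:
        print(f"{name:12} exact={exact_only(blob)!s:5} "
              f"no-allowlist={scan(blob)!r} with-allowlist={scan(blob, KNOWN_GOOD_HASHES)!r}")
```

Running it shows the benign tool flagged by the generic rule until the allowlist is consulted, which is exactly the release-time test the paragraph says is sometimes skipped.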
A Russian anti-virus maker incorrectly flagged Windows Explorer, the visual interface for Windows itself, as a Trojan horse program. During the year, a faulty update to certain versions of Symantec's Norton Antivirus program detected two essential Windows components as malicious, crippling millions of Windows PCs.
Knowledge is power. Perhaps, by simply knowing that potential malware creators are lurking daily, one can get into the habit of practicing safe computing, thus curbing the number of "unsuspecting users"; being aware of the various tactics these hackers employ squashes any attempt they make to stay ahead of the game.
Food for thought!
Comments (1)
Super-Duper site! I am loving it!! Will come back again – taking your feeds too now, Thanks.