Computer Virus Writing Taught in College Computer Science Classes

by admin on 06/06/2010

Antivirus software is created using the same basic methods employed by doctors to develop vaccines for biological viruses. Just as a doctor uses a live sample of the virus to discover how it replicates and pinpoint a weakness, the antivirus vendor must obtain a copy of the actual virus to study how it works its evil.

This way they can find out how to attack the attacker with their antivirus software.

But there is a major problem with this method—the time lapse between the bad guy’s release of the virus and the good guy’s updated software to detect it. Consider the SQL Slammer worm of 2003. In under one hour, it spanned the globe and effectively shut down the majority of Internet traffic; vendors were unable to release their detection software until hours later.

A second problem with analyzing an existing virus before “curing” it is the dramatically increasing number of viruses requiring detection. Currently, McAfee’s weekly update is roughly 5 Mb in size, but this could easily grow up to 100 Mb within years. A file that size would not only be too much to expect users to download every week; it also could dramatically impair computer performance. Verifying all network traffic against such a huge database is a daunting task.

Clearly this is a reactive rather than proactive plan of attack, so the antivirus vendors are always playing catch-up behind the malware creators. This allows for that dangerous window of time in which the malware is free to wreak havoc. Even with the most advanced heuristic scanning—scanning that is able to detect some unknown threats by comparing traffic to existing virus-like activity or seeking out anomalous behavior—many new viruses will slip through the cracks.

Meanwhile, dangerous malware programmers and developers are out there eagerly creating the next mega-virus to spread around the world and immobilize the Internet. And while these programmers do use past viruses for examples of what to do (or not), they also explore, hack, and hunt for new flaws and vulnerabilities to exploit.

So clearly the ideal solution is to reverse the roles and have the good guys thinking ahead of the bad guys. The vaccine needs to precede the virus in order to win the game. But this is a scary prospect—intentionally teaching smart people how to create viruses.

In fact, the University of Calgary will offer a class this fall in which students learn to do just that. And while risk of an accidental virus release will be minimized by prohibiting students from taking any removable media from the lab, and keeping the work disconnected from the real world at all times, there is always risk involved in teaching humans how to be malicious.

This issue is currently a topic of heated debate, with AVIEN (Anti-Virus Information Exchange Network) and AVIEWS (Anti-Virus Information and Early Warning System) passionately opposing the strategy in favor of teaching only “subject matter relating to the prevention, protection, and cure, rather than how to attack and destroy”. In response, the University of Calgary has issued the following statement:

“It is time for critics to take their heads out of the sand and work with us to start developing the next generation of computer professional who will be proactive in stopping computer viruses. The current approach of reacting to the viruses is simply not working.”

The statement then lists the many security measures planned to ensure that students can be trusted and viruses will not escape. But again Robert Vibert of AVIEN counters by pointing out that “there’s nothing stopping them from learning how to do it and write a slightly different virus at home. This is giving them skills that they can apply without copying anything out of the labs.”

Not only that, but some experts argue that teaching students how to create viruses does not necessarily make them effective anti-virus programmers.

But again, the University of Calgary argues that just as Prohibition didn’t stop the consumption of alcohol and gun laws don’t prevent the sale of guns, anyone with malicious intentions will find a way to get this information without having to take a class for it; and “it is naïve and dangerous to think that virus writers can be stopped without a better understanding of how they operate.”

In fact, there is already an entire industry devoted to teaching the art of network security through the study of hacker tricks and techniques. Why wouldn’t this knowledge allow administrators to better defend against a network attack? And why wouldn’t this proactive method help in the defense against viruses as well? Attempting to keep methods of virus creation a secret from the good guys will not keep the underground bad guys from finding them out anyway, and certainly won’t help to boost the proactive fighting skills of antivirus vendors. The next generation of threats is always right around the corner; we must find new ways of being prepared.

Only through this type of experimentation will those brilliant, proactive methods be discovered. If Albert Einstein had been limited to studying existing principles of physics, he would never have authored the Theory of Relativity; and if Thomas Edison had been stuck with candles and prohibited from attempting to develop his own light source, we might still be fighting the dark.

Great discoveries require breaking the mold and conquering uncharted territory, not lazily studying what is already known to exist. Without those people who have the guts to think outside the box, we would still think the Earth is flat and the Sun orbits the Earth.

Virus prevention as a science will continue to creep along and lag behind the malware creators as long as daring, proactive methods are not employed. In the chess game of virus versus antivirus, the bad guys are always one step ahead, causing the good guys to take only reactive moves. This is a losing position to be in, and I applaud the initiative of the University of Calgary to create a body of security experts trained to start making the first move and take over that winning position.
