'Secret' Workshop Explores Future of Malware

Malware will get worse before it gets better

1:00 PM -- I spent the majority of last week at a malware workshop nestled in the beautiful hills of the Santa Fe Institute. Many of the findings of the invite-only conference will either never see the light of day, or will be worked on by various people in dark rooms for years to come. But a lot of great ideas and anecdotes came out of the meeting.

One thing I found especially intriguing had to do with the engineering of the Internet as we know it. When you look at a single laptop that is not connected to the Internet and has no software on it other than what it came with out of the box, you can say that it was engineered. It started with a design, it was built, and a set of device drivers and an operating system were put in place. It’s pretty simple in that context.

However, the second that you put that same device on the Internet, it is no longer an engineered device. It suddenly becomes a node in an organic ecosystem that goes way beyond the original design of the manufacturers. How can you control something that by definition isn’t yours anymore?

You're pulling content from the Web all of the time, even as you read this. Did I write malware into this blog that can take over your machine, steal your credentials, and ruin your online identity? Studies of various malware detection engines show that if I had, there is only about a 50 percent chance your malware detection software (if you have it at all) would have detected it.

So how can you stop something that doesn’t obey the engineering rules put in place, and which in fact is designed to circumvent the very thing that the original manufacturers had intended? I’m not into predictions, but after sitting and listening to the world’s experts talking for a week, I’ll tell you one thing: Malware is going to be around for a while, and it’s going to get a lot worse before it gets better.

— RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F* Special to Dark Reading