1:00 PM -- I spent the majority of last week at a malware workshop nestled in the beautiful hills of the Santa Fe Institute. Much of the findings of the invite-only conference will either never see the light of day, or will be worked on by various people in dark rooms for years to come. But a lot of great ideas and anecdotes came out of the meeting.
One thing I found especially intriguing had to do with the engineering of the Internet as we know it. When you look at a single laptop that is not connected to the Internet and has no other software on it than what it came with out of the box, you can say that it was engineered. It started with a design, it was built, and a set of software device drivers and operating system were put in place. Its pretty simple in that context.
However, the second that you put that same device on the Internet, it is no longer an engineered device. It suddenly becomes a node in an organic ecosystem that goes way beyond the original design of the manufacturers. How can you control something that by definition isnt yours anymore?
You're pulling content from the Web all of the time, even as you read this. Did I write malware into this blog that can take over your machine, steal your credentials, and ruin your online identity? Studies in various malware detection engines show that if I had, there is only an around 50 percent chance your malware detection software (if you have it at all) would have detected it.
So how can you stop something that doesnt obey the engineering rules put in place, and which in fact is designed to circumvent the very thing that the original manufacturers had intended? Im not into predictions, but after sitting and listening to the worlds experts talking for a week, Ill tell you one thing: Malware is going to be around for a while, and its going to get a lot worse before it gets better.