Malware vs. anti-malware, 20 years into the fray

From Robert Morris Jr. to mayhem, with tips for practical living

Another common malware trick is to simply disguise the bug du jour using a packer program. A packer, just like the Zip utility you probably keep around to compress and decompress files, squeezes the unsocial program into an unrecognizable format. Then, when the time is right, which is likely these days to be at some random time after it's arrived, the bug unpacks its luggage and starts making a mess of your PC. Other disguise techniques turning up include encryption and, for script-based attacks, obfuscation attempts.

The anti-malware people continue to come up with signatures for both old and new malware programs in all their various polymorphic, packed, encrypted, obfuscated "glory." As you might guess, this isn't easy. Antivirus companies now run labs 24/7 to generate up-to-date signatures for your security programs.

A more modern and efficient way to tackle malware is to look not at what the programs look like, but at what they're capable of doing. This technique is called heuristics. The term itself is taken from the Greek for "rule of thumb," and the practice, as conducted in the human brain, is a combination of creativity plus common sense. In the security-software "brain," it entails applying rules of behavior rather than simple pattern-matching.

For example, your anti-malware scanner might find it a little odd that a new program seems to have the ability to open your Outlook and Gmail address books without requiring any user commands. "Hmmm," the scanner says to itself, "This doesn't look good." And, of course, it's right.

Still another approach is to simply give the suspicious program some virtualized space, from which the rest of the system is protected (this is called a sandbox), to do its business in, and then see what happens. If it tries to dance a fandango on your financial files, we know it's a baddie. Some programs provide for sandboxing; others require administrator setup.
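As an added illustration (not part of the original article) of the two ideas above, a toy Python script shows why a packed file slips past a byte signature, how a scanner answers by unpacking before matching, and how the behaviour rules of a heuristic or sandbox flag the program anyway. The sample body, signature, trace events and rule weights are all constructed for this example.

```python
import zlib

# Constructed stand-in for a malicious file body (plain text, not real malware).
# It is repeated so that the toy "packer" below has something to compress.
SAMPLE = b"[constructed sample] harvest contacts from the address book, then upload\n" * 4

# Constructed byte signature of the kind a static scanner matches against a file.
SIGNATURES = {"contact-harvester (constructed)": b"harvest contacts"}

def signature_scan(blob: bytes) -> list[str]:
    """Static detection: names of signatures whose byte pattern occurs in the file."""
    return [name for name, pattern in SIGNATURES.items() if pattern in blob]

def pack(blob: bytes) -> bytes:
    """Toy packer: zlib compression rewrites every byte of the body, so the static
    pattern no longer occurs (a real packer also prepends an unpacking stub)."""
    return zlib.compress(blob)

def scan_with_unpacking(blob: bytes) -> list[str]:
    """What scanners do to counter packers: emulate the unpack step, then match."""
    try:
        return signature_scan(zlib.decompress(blob))
    except zlib.error:          # not packed with this packer; scan the bytes as-is
        return signature_scan(blob)

# Constructed behaviour trace: (API call, target, whether a user action triggered it),
# the kind of events a sandbox or behaviour monitor records while the program runs.
SUSPECT_TRACE = [
    ("ReadFile", r"C:\Users\me\AppData\Outlook\contacts.pab", "no_user_action"),
    ("HttpPost", "upload.example.invalid", "no_user_action"),
    ("CreateFile", r"C:\Users\me\Documents\notes.txt", "user_clicked"),
]
BENIGN_TRACE = [("CreateFile", r"C:\Users\me\Documents\notes.txt", "user_clicked")]

# Constructed heuristic rules: (API call, substring of target, required context, weight).
RULES = [
    ("ReadFile", "contacts", "no_user_action", 40),  # reads an address book unasked
    ("HttpPost", "", "no_user_action", 30),          # sends data out unasked
]
THRESHOLD = 50

def heuristic_score(trace) -> int:
    """Behaviour detection: sum the weights of every rule a trace event matches."""
    score = 0
    for call, target, context in trace:
        for r_call, r_sub, r_ctx, weight in RULES:
            if call == r_call and r_sub in target and context == r_ctx:
                score += weight
    return score

def verdict(trace) -> str:
    return "suspicious" if heuristic_score(trace) >= THRESHOLD else "clean"
```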

Zeroes and heroes

You may have noticed something with all these anti-malware techniques: They're all reactive. That's not good. But as things stand now, there has to be a problem for the engineers to react to; only then can they release a program update to take care of the latest problem. Zero days (a.k.a. 0days) are a by-now-familiar shorthand for security vulnerabilities for which no patch yet exists. Seeing what a zero-day vulnerability means for both sides of the malware fence provides a sense of how each manages the situation.

Malware writers may pass each other news of zero-day discoveries for days or weeks before the makers of the compromised software know there's trouble. In a few cases, researchers who haven't been able to get the attention of a large software vendor have gone public with their information, either to prove they had the knowledge or to shame the manufacturer into doing the right thing and patching up.

But even when it's no longer zero day, the game isn't over. The same day that a zero-day security problem in Vista is fixed, for instance, malware makers start working like beavers on speed to retrofit their malware to use that "fixed" security problem.

What's that you say? Why would they do that when the hole has been patched? They do it because with a gazillion systems running Windows, they know that the sooner they get their rejuvenated trash program out there, the greater number of vulnerable systems it'll still find during the remaining "vulnerability window."

Steven J. Vaughan-Nichols