CSC 379 SUM2008:Week 3, Group 2

From Expertiza_Wiki

Costs and Benefits of Malware Countermeasures

Examine the changing nature of malware distribution and forms. What ethical concerns are raised by this new range of threats? Examine the effects (costs and benefits) of countermeasures designed to address these new threats.

Evolution of Malware

Many early viruses were not written to cause serious harm to computers, but were written as experiments or as pranks meant to be annoying. For instance, the first internet worm was not intended to cause millions in damage, but was written to gauge the size of the internet. Even the Melissa virus, written in 1999, was originally intended as a prank.

Another category of malware that appeared is the type intended to cause data loss. These can either delete files on a hard disk or corrupt a file system by writing junk data. This can be compared to graffiti, as the author's tag follows the malware as it spreads.

Since 2003, another form of malware that has become increasingly widespread is software intended for profit. The rise of broadband internet access has allowed this form of malware to spread. These can include viruses and worms designed to take control of computers for exploitation or denial-of-service attacks designed for extortion.

Furthermore, a new form of for-profit malware that has emerged is spyware. Unlike other viruses, spyware is not spread through email, but rather installed through exploiting security holes or packaged with software. Spyware is designed to monitor a user's web-surfing, display advertisements, or redirect affiliate marketing revenue to the creator.

An additional form of malware is bots. Bots infect a computer and lie dormant until instructions are sent. Bots are responsible for most of the spam that is propagated. Many of the new bots last only for one day, not nearly enough time for anti-virus programs to respond.

Evolution of Malware Distribution

(THIS IS A DRAFT AND WILL BE CHANGED SHORTLY)

Back at the dawn of the scan age, when the first antivirus products crawled out of the primordial ooze, a model arose for the efficient detection of computer viruses.

File-infecting viruses spread across a system by infecting innocent files in a fairly chaotic fashion. So a virus could exist almost anywhere on the drive system. Often they existed all over the drive system.

As numbers increased, and antivirus companies battled it out by claiming they detected more viruses, a model arose for testing antivirus claims. The model correctly focused on testing how viruses really spread and how antivirus products actually scanned. And of course "big numbers" were construed as a good thing. However, the majority of viruses never actually infected users' systems, and thus did not constitute a real-world threat.

Then, in 1993, a system of cooperative reporting arose that enabled developers and testers to focus more on the actual threat. It was called the WildList and allowed testers to fine-tune testing by moving away from mere numbers and focusing on the reality of the virus threat.

Since the original WildList appeared, the nature of the actual threat to users has changed dramatically. Viruses (that is, true viruses that infect files all over the system) are now nearly extinct. Recent WildLists have only a handful of true viruses. Most threats on the WildList today are actually worms. However, in today's reality, viruses and worms are comparatively rare. They are a minuscule part of the real and present threats to users.

For example, at the time of this writing, the WildList (August 2007) says that 580 threats have been reported during the past six months. By contrast, at the time of this writing, the malware research lab at Lavasoft received 1500 new threats over the past weekend.

Ethical Concerns of New Malware

<Work in Progress>

As malware has evolved over the years, so have the ethical concerns associated with it.

Costs and Benefits of Countermeasures

Links and Sources