Ramblings of an old Doc

So…what is a Polymorphic Virus? Quoting the technopedia:

“A polymorphic virus is a complicated computer virus that affects data types and functions. It is a self-encrypted virus designed to avoid detection by a scanner. Upon infection, the polymorphic virus duplicates itself by creating usable, albeit slightly modified, copies of itself.” – technopedia

So, perfect. Your AV works by recognizing defined viral signatures…fixed byte patterns lifted from a known sample…so the coders who created the virus know this and write code into their virus that makes it look different each time it replicates…just like biological viruses do. The usual trick is to encrypt the body of the virus with a fresh key on every infection and leave only a small decryptor stub in the clear: the payload is identical once decrypted, but the bytes on disk never repeat, so a signature taken from one copy will not match the next.

Then, there are the worst…metamorphic viruses. A metamorphic virus does not lean on encryption at all; it rewrites its own code on every generation, swapping instructions for equivalent ones, reordering blocks, renaming registers and padding with junk, so that even the decryptor stub (the one constant part of a polymorphic virus, and the part the AV labs actually sign) has no stable pattern to match.

So, the AV software companies are hunting these viruses in the wild, and perhaps purchasing them on the dark web, to get their signatures, and the signatures of their progeny, and so on.

This is an endless chase: the AV folks constantly updating their software with definitions…well, that’s the ‘blacklist’ AV software. It is purely reactive…a definition can only be written after a sample has been seen, and a mutation engine can churn out new samples far faster than a lab can publish definitions…which is why it fails against malware this sophisticated.

Whitelisting (application allow-listing) is somewhat better: You tell the software which programs to allow to run, and no others. Unfortunately, this requires a lot of knowledge to use correctly, because incorrect use will cripple the computer and perhaps even render it inoperable…every updater, installer and system tool you rely on has to be on the list, or it stops working.

If used well…viruses never stand a chance, since they’re not recognized to begin with so they cannot run, and a virus that never runs cannot morph itself to defeat AV software. Two caveats: the list has to identify programs by something an attacker cannot fake, such as a file hash or a publisher’s code signature, not just a file name; and an allowed interpreter or script host (a shell, an office macro engine) can still run unapproved code that is fed to it.

There are also “heuristic” AV programs which to some degree work on viral behavior…running the suspect code in an emulator and inspecting what it decrypts, or watching for actions such as writing into other executables…but they work with “pre-defined” viral behaviors, and not all viruses behave the same, so a virus that behaves differently from the model slips through.
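As an added example, not from the original post, here is a small Python model of the three approaches above (signature blacklisting, whitelisting, and behavior-based heuristics) pitted against a toy polymorphic engine and a toy metamorphic engine. The “core” marker, the three-opcode decryptor bytecode, the sample files and the hypothetical function names are all constructed for this demonstration; nothing in it is malware or a real instruction set.

```python
import hashlib
import random

# Constructed marker standing in for the invariant body a virus carries from
# generation to generation (in a real sample: the infection routine itself).
CORE = b"TOY-CORE: copy self, re-key decryptor, infect next host"

# Invented bytecode for the decryptor stub (not a real instruction set).
NOP = 0x00       # one-byte no-op
JUNK = 0x01      # two-byte no-op whose operand is ignored
XOR_REST = 0x02  # XOR every byte after the operand with the operand, then
                 # "transfer control" to the decrypted bytes

# A polymorphic engine re-keys the body but reuses the same decryptor bytes;
# this fixed four-byte preamble is what an AV lab would sign.
POLY_STUB = bytes([NOP, JUNK, 0x41, XOR_REST])


def polymorphic_variant(key: int) -> bytes:
    """One polymorphic generation: identical stub, body XORed with `key`."""
    assert 1 <= key <= 255          # key 0 would leave CORE in clear text
    return POLY_STUB + bytes([key]) + bytes(b ^ key for b in CORE)


def metamorphic_variant(rng: random.Random, key: int) -> bytes:
    """One metamorphic generation: the stub itself is rewritten with a random
    mix of inert instructions, so the decryptor has no stable pattern either."""
    stub = bytearray()
    for _ in range(rng.randrange(1, 6)):
        if rng.random() < 0.5:
            stub.append(NOP)
        else:
            stub += bytes([JUNK, rng.randrange(0x80, 0x100)])
    stub += bytes([XOR_REST, key])
    return bytes(stub) + bytes(b ^ key for b in CORE)


def signature_scan(sample: bytes, signature: bytes) -> bool:
    """Blacklist AV: a fixed byte pattern anywhere in the file on disk."""
    return signature in sample


def emulate(sample: bytes, max_steps: int = 64) -> bytes:
    """Sandbox the stub: run the toy bytecode and return the memory image it
    would hand control to (empty if the sample is not this bytecode)."""
    pc = 0
    for _ in range(max_steps):
        if pc >= len(sample):
            return b""
        op = sample[pc]
        if op == NOP:
            pc += 1
        elif op == JUNK:
            pc += 2
        elif op == XOR_REST and pc + 1 < len(sample):
            key = sample[pc + 1]
            return bytes(b ^ key for b in sample[pc + 2:])
        else:
            return b""
    return b""


def emulation_scan(sample: bytes, signature: bytes) -> bool:
    """Heuristic AV: sign what the code does (the decrypted image), not the
    bytes it happens to have on disk."""
    return signature in emulate(sample)


def allowlist_permits(sample: bytes, allowed_sha256: set) -> bool:
    """Whitelisting: only pre-approved images may run, mutated or not."""
    return hashlib.sha256(sample).hexdigest() in allowed_sha256


def run_demo(generations: int = 20, seed: int = 7) -> dict:
    """Detections per strategy over fresh generations of each engine."""
    rng = random.Random(seed)
    keys = rng.sample(range(1, 256), generations)   # distinct keys
    poly = [polymorphic_variant(k) for k in keys]
    meta = [metamorphic_variant(rng, k) for k in keys]
    benign = b"plain text document approved by the administrator"  # constructed
    allowed = {hashlib.sha256(benign).hexdigest()}
    body_sig = poly[0][len(POLY_STUB) + 1:][:16]    # signed from sample #1
    return {
        "poly_body_sig": sum(signature_scan(s, body_sig) for s in poly),
        "poly_stub_sig": sum(signature_scan(s, POLY_STUB) for s in poly),
        "meta_stub_sig": sum(signature_scan(s, POLY_STUB) for s in meta),
        "poly_emulated": sum(emulation_scan(s, CORE[:16]) for s in poly),
        "meta_emulated": sum(emulation_scan(s, CORE[:16]) for s in meta),
        "benign_emulated": emulation_scan(benign, CORE[:16]),
        "variants_allowed": sum(allowlist_permits(s, allowed) for s in poly + meta),
        "benign_allowed": allowlist_permits(benign, allowed),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:18} {value}")
```

Running it prints one count per strategy: the signature taken from the encrypted body matches only the sample it was taken from, the signature on the constant decryptor stub catches every polymorphic generation but no metamorphic one, emulation catches all forty because it signs the decrypted image instead of the bytes on disk, and the allow-list blocks all forty without ever having seen any of them. The emulator only understands this toy bytecode; a real one has to cope with code written specifically to detect and stall it, which is the “pre-defined behaviors” limitation mentioned above.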

What we need is AV software with AI. Face it…you have a dog at home that barks at burglars, right? You have an immune system which recognizes ‘self’ vs. ‘not self’ and tries to kill ‘not self’. It works on its own, you don’t even know it’s there.

That’s what our computers need: An answer to polymorphic and metamorphic viruses, because to a certain degree, a metamorphic virus is AI.

Sources:

http://www.thewindowsclub.com/polymorphic-virus

https://www.ukessays.com/essays/computer-science/the-protective-shield-for-polymorphic-viruses-computer-science-essay.php

https://www.blackhat.com/presentations/bh-usa-08/Hosmer/BH_US_08_Hosmer_Polymorphic_Malware.pdf


Comments
on Jun 12, 2016

Hum, and the banks want all of us to use electronic transfers.

on Jun 15, 2016

Once they have all the money and all the weapons...  

on Jun 15, 2016

Thanks for keeping us up to date, Doc.  There is a raging, silent war going on in the background every minute of every day that we use a computer.  Sad.  But true.

on Feb 28, 2017


What we need is AV software with AI. Face it…you have a dog at home that barks at burglars, right? You have an immune system which recognizes ‘self’ vs. ‘not self’ and tries to kill ‘not self’. It works on its own, you don’t even know it’s there.

Unless you have an autoimmune disease... which some antivirus software could be rightly called these days.

What we need are secure operating systems based on principles of least privilege, and users educated enough (and the OS usable enough) that they don't willingly defeat the safeguards themselves. Antivirus is just a bandaid, and making it even more resource-costly to run is not the answer.

on Mar 02, 2017

...ahem...did someone say 'least privilege'?

I could have sworn someone called my name...hehe

in all seriousness though.....what Kryo said!

on Mar 02, 2017


What we need is AV software with AI. Face it…you have a dog at home that barks at burglars, right? You have an immune system which recognizes ‘self’ vs. ‘not self’ and tries to kill ‘not self’. It works on its own, you don’t even know it’s there.

Autoimmune disease? Not really. There are no B or T lymphocytes in a computer's guts.

The point is an OS recognizing alien code and destroying it. Heuristic AV programs do something similar. 

The least privilege thing...like an intact integument, I suppose. So, Monk the Dermatologist...when are you going to give us some help with that?

on Mar 03, 2017


This is an endless chase: The AV folks constantly updating their software with definitions…well, that’s the ‘blacklist’ AV software. It is a failure because of the sophistication of the malware.

If only the mongrels who create these things would divert their energies to creating good things instead.  Not only could they be earning good money for their efforts, the world would be a much better place for it.

WOM

Hum, and the banks want all of us to use electronic transfers.

Yeah, and with more and more bricks n' mortar branches permanently closing all the time, there mightn't be a choice for millions of people around the globe, especially those in small towns and more isolated areas.  And what pisses me off severely is how banks [especially here in Australia] keep hiking up fees and charges while reducing and even eliminating 'real world' services.  Queues and wait times in banks have grown beyond frustrating because of drastic teller staff cuts.... and try phoning a bank!!!!  With far fewer representatives, also due to drastic staff cuts, one can be on the phone for hours... listening to some doddam awful music with frequent recorded interruptions: "Your call is important to us and....."  

Yeah, sure!!!  If it was that important why did you sack/fire all the telephone representatives?  Oh, that's right, to maximise profits even more and fech the customers.  Fechen bankers!

on Mar 03, 2017

DrJBHL

So, Monk the Dermatologist...when are you going to give us some help with that?

I'm not sure there is much to say other than re-iterate once more some of the critical points I have already made in the past.

Here are a few basic rules I have followed in the many years I've been in IT and they have kept my systems safe (yes, sometimes from myself).

1.  In whatever OS you are using (yes any and every OS) the first step after OS installation, and prior to connecting to the internet should be to create and secure a separate ADMIN account with all elevated privileges necessary for system-wide operation and then remove those same elevated privileges from your regular USER account.  In corporate environments this would of course be different with 'levels' of elevation assigned to specific management-groups/tiers, but for the average home user a single separate secured ADMIN account will suffice.  Least privilege is something everyone should be able to grasp.  Walk around with the keys to your kingdom and it's only a matter of time before someone takes them from you and you lose your kingdom.

2.  Your OS local security policy is the epicenter of privilege enforcement in your OS.  Learn about it, get to know it, make it your friend, configure it and your system security takes on a completely different landscape.  Instead of relying on edge-level and/or all-or-nothing security anymore; with correctly configured 'security policies' enforced your system is now capable of protecting itself in layers.  Layered defenses are much harder to breach and that much easier to recover should something slip past the edge defenses.

If you however have the 'home' version of an MS OS, you will be unable to manage the 'local security policy' and will have to make do with tightening up the UAC (user account control settings).

3.  Your browser of choice.  Do not install bullshit add-ons for this or for that.  Not only will most of them serve to slow your browsing experience, how do you know what they connect to behind the scenes?  I've seen many browsers so add-on riddled that when I've shown a client the various IPs (servers) their browser 'pings' each time they open it, most are no longer surprised their 'connection seems so slow/sluggish all the time'.  Blocking of certain web traffic is the job of an edge network router, NOT some bullshit add-on in your browser AFTER it has already penetrated your network and your system.  Get the best network edge router you can afford, then configure it properly.  Then if you've done step 1 and 2, you need not worry about your browser anymore.

These are 3 of the basic principles I have, and continue to compute by.  Computing by them may not guarantee your safety, it will however make you the least desirable target and well, we all know what happens to the low-hanging fruit!