Today’s Internet threatscape changes so rapidly that the innovation and creativity of malware authors can render an information security course’s curriculum on malware outdated very quickly, or worse, give students a false sense of situational awareness about the malware that is driving the entire cybercrime ecosystem. In fact, one can easily spot an outdated academic curriculum from the malware it discusses, and from whether the lecturer even bothers to point out that antivirus software, as it is and as it has been for the past couple of years, only mitigates a certain percentage of the threat rather than eliminating it, while urging everyone to “keep their antivirus software up to date.”
George Ledin, a professor at Sonoma State University, thinks that writing malware helps students better understand the enemy. What is Ledin trying to achieve?
“Ledin insists that his students mean no harm, and can’t cause any because they work in the computer equivalent of biohazard suits: closed networks from which viruses can’t escape. Rather, he’s trying to teach students to think like hackers so they can devise antidotes. ‘Unlike biological viruses, computer viruses are written by a programmer. We want to get into the mindset: how do people learn how to do this?’ says Ledin, who was born to Russian parents in Venezuela and trained as a biologist before coming to the United States and getting into computer science. ‘You can’t really have a defense plan if you don’t know what the other guy’s offense is,’ says Lincoln Peters, a former Ledin student who now consults for a government defense agency.”
Is the point to write undetectable malware in an academic environment in order to prove, scientifically, that signature-based malware scanning will not detect the freshly written sample, or to keep providing a false sense of security through wrongly positioned antivirus software? That is the question Sonoma State University’s George Ledin seems to be asking, and he is naturally receiving a lot of criticism from companies “making their living fighting viruses,” going as far as speculation that such companies would not hire his students, who are now capable of writing malware. The companies, however, forget one thing: how easy it in fact is to “generate” an undetectable piece of malware using the hundreds of malware builders they are well aware of, builders that come in very handy for internal benchmarking purposes, for instance.
For the past couple of years antivirus software has been a purely reactive security solution: it reacts to known threats, in contrast to the proactive approaches now being embraced by vendors who are in catch-up mode with the malware authors. Two months ago, Eva Chen, Trend Micro’s CEO, made some very bold but pretty realistic statements on signature-based malware scanning and on how the entire industry has been wrongly positioned for the past 20 years:
“In the antivirus business, we have been lying to customers for 20 years. People thought that virus protection protected them, but we can never block all viruses. Antivirus refresh used to be every 24 hours. People would usually get infected in that time and the industry would clean them up with a new pattern file. In the last 20 years, we have been misrepresenting ourselves. No-one is able to detect five and a half million viruses. Nowadays there are no mass virus outbreaks; [malware] is targeted. But, if there are no virus samples submitted, there’s no way to detect them.”
Precisely. What Ledin is blamed for is in fact proving an already outdated fact, starting from the basic nature of how antivirus software works: a scanner matches patterns taken from samples it has already seen, so a sample nobody has submitted yet matches nothing. The very same approach of proving a known fact will be taken by the upcoming “The Race to Zero” undetectable-malware coding contest to be held at this year’s Defcon security conference. Moreover, leaving aside vendors counting how much malware they detect, a peek at publicly available statistics on detection rates for malware in the wild shows how dynamic the position of “the best antivirus software” is, since it literally changes every day. And in theory even “the best antivirus software” would not detect the malware written by Ledin’s students, or malware that someone requested to be coded for hire, a service that has been getting increasingly popular these days because of its customization approach.
Ironically, the IT underground is a step ahead of George Ledin, using distance-learning approaches such as video tutorials on how to use a malware kit, complete with practical examples of successful attacks and tips from personal experience in using it. Writing undetectable malware in 2008 isn’t rocket science: do-it-yourself malware builders provide point-and-click integration of features that only a sophisticated malware author could implement a couple of years ago. Then again, having undetected malware doesn’t mean its authors will be able to spread it successfully and infect millions of users, so from a strategic perspective it’s all about the tactics, and the combination of tactics, they would use in their campaign.
Before you judge Ledin’s vision, ask yourself the following: does writing malware ultimately improve his students’ long-term career competitiveness, or is what he’s trying to prove a known fact already?
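As an added illustration (not part of Danchev’s post, and not code from Ledin’s course or from any vendor), the toy below shows in a few lines the cycle the post is describing: a pattern-file scanner holding a hash and a byte sequence from a sample it has already seen, a “builder” that wraps the same body so that neither signature matches any more, and the vendor’s catch-up move of recognising the builder’s stub and scanning the decoded body, which a change to the stub defeats again. The sample body, the signature names, the stub layout and the key are all constructed for this example; nothing here is real malware.

```python
"""Toy pattern-file scanner versus a toy builder. Constructed example only."""
import hashlib

# Constructed stand-in for a malware body: harmless ASCII, not a real sample.
SAMPLE_BODY = b"Hello from the classroom sample; this byte string stands in for a payload."

# A pattern-file era signature database: whole-file hashes plus fixed byte
# sequences, both taken from samples the vendor has already received.
HASH_SIGNATURES = {
    hashlib.md5(SAMPLE_BODY).hexdigest(): "Classroom.Sample.A (md5)",
}
BYTE_SIGNATURES = {
    "Classroom.Sample.A": b"classroom sample",
}


def scan(data, byte_sigs=BYTE_SIGNATURES, hash_sigs=HASH_SIGNATURES):
    """Return the detections for data: an exact hash hit first, then every
    byte pattern found as a substring. No sample submitted, no entry, no hit."""
    hits = []
    digest = hashlib.md5(data).hexdigest()
    if digest in hash_sigs:
        hits.append(hash_sigs[digest])
    hits.extend(name for name, pat in byte_sigs.items() if pat in data)
    return hits


def xor_encode(data, key):
    """Single-byte XOR; symmetric, so the same call encodes and decodes."""
    return bytes(b ^ key for b in data)


STUB_MARKER = b"STUB\x00"  # constructed stub header for the toy builder


def pack(body, key, marker=STUB_MARKER):
    """What a point-and-click builder does: change the bytes on disk without
    changing what runs. Layout: marker | 1-byte key | xor-encoded body."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255; key 0 leaves the body unchanged")
    return marker + bytes([key]) + xor_encode(body, key)


def unpack(blob, marker=STUB_MARKER):
    """Recover the original body, as the stub would at run time."""
    if not blob.startswith(marker):
        raise ValueError("not a blob produced by this builder")
    key = blob[len(marker)]
    return xor_encode(blob[len(marker) + 1:], key)


def scan_unpacking(data, marker=STUB_MARKER):
    """The vendor's catch-up move: recognise a known stub, decode, then scan
    the body. Covers every key, but only for stubs already in the database."""
    if data.startswith(marker):
        return scan(unpack(data, marker))
    return scan(data)


def demo():
    """Run the whole cycle and return what each stage detected."""
    packed = pack(SAMPLE_BODY, 0x5A)
    rebuilt = pack(SAMPLE_BODY, 0x5A, marker=b"ALT\x00")  # builder updated
    return {
        "original": scan(SAMPLE_BODY),
        "one_byte_appended": scan(SAMPLE_BODY + b"\n"),
        "packed_plain_scan": scan(packed),
        "packed_unpacking_scan": scan_unpacking(packed),
        "rebuilt_stub_unpacking_scan": scan_unpacking(rebuilt),
    }


if __name__ == "__main__":
    for stage, hits in demo().items():
        print(f"{stage:30s} {hits}")
```

Appending a single byte already defeats the hash signature while the byte pattern still fires, which is why pattern files moved from file hashes to byte sequences; wrapping the body defeats both until the vendor has seen the stub, and a rebuilt stub starts the cycle again. The sample never has to be clever, only unseen, which is the point the post makes about builders.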
Written by Dancho Danchev