Okay, let’s start with viruses. So as mentioned earlier, the virus requires user action to propagate. So oftentimes a virus will change some code that’s stored on the computer but isn’t actively running, so that when the user runs that code (say, they click on a file and open it), the code starts running and outputs a copy of itself to be spread to other users. So here are some ways in which code could propagate. You could infect code that will eventually be executed by the user.
So, for example, change what an application’s code looks like so that the next time the user runs that application like Microsoft Word or something, the code propagates to other users.
Or maybe you change the system’s startup code, the code that runs when you turn on your computer, so the next time the user turns on their computer, the code propagates. Or maybe you change a file or an attachment like we talked about earlier. And if you change the code to include the malware, then when that malware runs, it outputs a copy of itself and attempts to send that copy to other systems. One way it might do that is by sending emails to everybody with the code attached: if the user has a contact list on their computer with lots of email addresses, the malware pulls that list and sends itself to everyone on it.
Or maybe if the user has a USB flash drive plugged in, the malware notices that and copies itself to the flash drive, so anyone else who plugs in that flash drive gets infected. Those are some ways in which malware tries to automatically propagate. So that’s what attackers are going to do. What might security people do to try to defend against those attacks or detect them? So thinking back to those four types of detection, we could do signature-based detection (keep a list of what’s not allowed) or specification-based detection (keep a list of what is allowed).
Which of those is better? I guess I kind of spoiled it, but I think signature-based detection, where you keep track of what’s not allowed, is better than specification-based detection in this case. Why is that? Because if you think about viruses, they always replicate by sending copies of themselves. So the whole point of the virus is to automatically spread copies of itself to other computers.
In other words, the virus is a piece of code for which copies appear all over the place.
So it’s something that security researchers can capture and write a signature for. If you find a virus on one system and recognize that it’s a virus, you can tell the entire world, “this is what the virus looks like.” Everybody can add that signature to their denylist, and now anyone whose system sees that virus will detect it. The software that does this is called antivirus, and antivirus software typically ships with a list of signatures for common viruses that have already been detected.
This is a good way to catch viruses specifically, because they try to copy themselves, and when there are so many copies you can use signature-based detection to catch them. Now, there is an arms race between attackers and defenders, as is often the case in security: attackers try to evade the detection system, and then defenders try to make the detection system stronger to catch the attackers. So there’s a bit of a back and forth between attackers and defenders. The attackers try to write stronger viruses, and the defenders try to write stronger antivirus in response. So attackers will often try to change the virus so that it looks a little bit different, hoping the defenders will no longer catch it with their signature.
However, the signature-based detection writers will then try to upgrade their antivirus so that they can check and detect variants of the virus. So there’s a bit of a back and forth here. Now, it’s kind of an open question who will win this arms race. It’s a constant back and forth. One could argue that attackers have a slight advantage, and the argument is that attackers can see what antivirus is doing, but antivirus cannot see what attackers are planning.
So if you think about antivirus software, anybody can go on the market and buy it. You can go to the store or download some antivirus software, and attackers can do that too and analyze the software to see what it’s checking for, in order to evade detection. However, if you’re writing antivirus, you can’t go ask the attacker what they’re about to do.
You can’t go download a copy of their brand-new virus right away, so one could say the attackers have a slight advantage, but this is a constant arms race going back and forth.
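To make the denylist-versus-allowlist comparison and the “variant evades the signature” point concrete, here is a small added example that is not part of the original lecture. The “files” are constructed byte strings standing in for programs (nothing here is real malware), and the signature names `Example.Virus.A`, the marker text, and the scanner functions are all assumptions made for illustration. It shows an exact-hash signature catching the captured sample but missing a trivially edited variant, a more tolerant pattern signature catching both, and an allowlist (specification-based) scanner that blocks the viruses but also blocks a never-before-seen clean program.

```python
import hashlib
import re

# Constructed sample "files" (byte strings standing in for executables; not real malware).
SAMPLES = {
    "clean.bin":    b"\x7fELF hello world program, prints a greeting and exits",
    "virus_v1.bin": b"\x7fELF INFECT: copy self to attachments; mail to contacts",
    # Same logic as v1 with only the marker's letter case changed: a trivial variant.
    "virus_v2.bin": b"\x7fELF inFeCt: copy self to attachments; mail to contacts",
}
# A constructed clean program that no scanner has seen before.
NEW_CLEAN = b"\x7fELF freshly compiled tool, never seen before"

# --- Signature-based detection: a denylist of what is NOT allowed ---

# 1) Exact-hash signature, built from the one copy a researcher captured (virus_v1).
HASH_SIGNATURES = {
    hashlib.sha256(SAMPLES["virus_v1.bin"]).hexdigest(): "Example.Virus.A",
}

# 2) Pattern signature: tolerant of small edits to the captured sample's marker.
PATTERN_SIGNATURES = [
    (re.compile(rb"infect:\s*copy self", re.IGNORECASE), "Example.Virus.A (variant)"),
]


def scan_by_hash(data: bytes):
    """Return the signature name if the file is a byte-for-byte known copy, else None."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_by_pattern(data: bytes):
    """Return the signature name if any tolerant pattern matches, else None."""
    for pattern, name in PATTERN_SIGNATURES:
        if pattern.search(data):
            return name
    return None


# --- Specification-based detection: an allowlist of what IS allowed ---

ALLOWLIST = {hashlib.sha256(SAMPLES["clean.bin"]).hexdigest()}


def scan_by_allowlist(data: bytes) -> bool:
    """True if the file is on the allowlist (permitted), False otherwise (blocked)."""
    return hashlib.sha256(data).hexdigest() in ALLOWLIST


def scan(data: bytes) -> dict:
    """Run all three scanners over one file and report each verdict."""
    return {
        "hash_sig": scan_by_hash(data),
        "pattern_sig": scan_by_pattern(data),
        "allowlisted": scan_by_allowlist(data),
    }


def scan_all(samples=SAMPLES) -> dict:
    """Scan every constructed sample; returns {filename: verdicts}."""
    return {name: scan(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name:14} {verdict}")
    print(f"{'new_clean.bin':14} {scan(NEW_CLEAN)}")
```

Running it shows the tradeoff the lecture describes: the hash signature flags only `virus_v1.bin`, the pattern signature flags both `virus_v1.bin` and `virus_v2.bin` while leaving the clean files alone, and the allowlist scanner rejects the viruses but also rejects `NEW_CLEAN`, which is why a denylist fits the virus case better.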