The concept of software misuse may be well suited to the Rabbit virus (this virus
does not leave a copy of itself; it just jumps from one system to another).
A malware writer can construct a malware monster like playing with LEGO. Such a
LEGO virus cannot be stopped, because it consists of good and legal
commercial software. On the other hand, a Rabbit virus could jump from system
to system and reconfigure good software to carry out malicious actions. As a result,
we must admit that almost any software is actually dangerous. Thus, how can
we defend ourselves from almost any software? With a blacklist security
technology (signature definitions)? Or with a whitelist (millions of good files in
a big corporation)? Maybe redesign our defenses? Or even change the OS?
Software misuse could push the ability of signature-based antivirus programs
to defend against malicious code to its limits, but that does not mean that
behavior-based antivirus products can do it better.
I suggest that software vendors, along with developing rich and powerful
functionality, take care to limit the misuse of their software. "Good"
software must include a strong self-audit of performed actions or alert the computer
user that the configuration has changed and could be dangerous. It is not a perfect
solution, but it could minimize the danger of software misuse. As always, the
"defense in depth" concept should help. Multilayer defense and awareness can
help us deal with this problem.
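
One way a vendor could build the self-audit and configuration alert suggested above, shown as an added example that is not from the original text. The setting names, the list of risky values and the sample configurations are assumptions made for illustration.

```python
import hashlib
import json

# Assumed for illustration: values a vendor would treat as dangerous.
RISKY_VALUES = {"remote_exec": True, "autorun_scripts": True, "log_actions": False}
GENESIS = "0" * 64

def diff_config(baseline, current):
    """Return (key, old, new, risky) for every setting that differs from baseline."""
    findings = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if old != new:
            risky = key in RISKY_VALUES and new == RISKY_VALUES[key]
            findings.append((key, old, new, risky))
    return findings

class AuditLog:
    """Append-only log; each digest covers the entry and the previous digest."""
    def __init__(self):
        self.entries = []
        self.head = GENESIS

    def append(self, event):
        body = json.dumps(event, sort_keys=True)
        self.head = hashlib.sha256((self.head + body).encode()).hexdigest()
        self.entries.append((body, self.head))

    def verify(self):
        digest = GENESIS
        for body, recorded in self.entries:
            digest = hashlib.sha256((digest + body).encode()).hexdigest()
            if digest != recorded:
                return False
        return True

def self_audit(baseline, current, log):
    """Log every change and return the alerts to show the user."""
    alerts = []
    for key, old, new, risky in diff_config(baseline, current):
        log.append({"key": key, "old": old, "new": new, "risky": risky})
        if risky:
            alerts.append(f"{key} changed from {old!r} to {new!r}")
    return alerts

# Constructed sample configurations.
BASELINE = {"remote_exec": False, "autorun_scripts": False, "log_actions": True, "theme": "dark"}
CHANGED = {"remote_exec": True, "autorun_scripts": False, "log_actions": True, "theme": "light"}
```

The hash chain only reveals edits to the log if the latest digest is also kept somewhere the reconfiguring process cannot rewrite.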