Friday, February 02, 2007

on the application of legal pressure in the fight against malware

thanks to a reader i was pointed towards an article about kaspersky's efforts to make the law a more effective tactical device for use in the battle against malware...

using the law this way is not a new or unusual idea - there are many sides to the malware problem, it has many different dimensions, and some of those involve people rather than technology... from a strategic point of view it makes sense to try and address the problem on all fronts and one of those deals with the people responsible for the malware, be they malware creators or just purveyors... the only way to force them to stop being part of the problem (well, the only legal way to force them) is by using the law to catch and prosecute them...

doing so is not a mark of desperation, it's not something you do simply because you are being overwhelmed by the number of malware being created, it is something you do if you're smart... it is a strategy designed to subject the blackhats to the forces of attrition and thereby control (to some degree) the number of people creating/using malware and by extension the amount of malware being spread around and the amount of malware out there at any given time that qualifies as new...

it's controlling the amount of malware that qualifies as new at any given moment that is the most interesting/tempting benefit here... whether an anti-virus company can keep up with the rate of malware creation or not, it doesn't change the fact that as the rate goes up the number of pieces of malware that can't yet be handled by known-malware scanning at a particular moment in time also goes up, and therefore so does the user's chance of encountering such undetectable malware... now at 200 a day, most of which have very low distribution, and with hourly updates available, those odds aren't necessarily cause for alarm, but you wouldn't want them to keep growing unchecked...

of course if you are being overwhelmed by sheer numbers, it can help there too, but being overwhelmed (as opposed to having already been overwhelmed) is just another way of saying you're currently operating at peak capacity with your current resources - it doesn't make too much sense to keep people around if you aren't making use of them, after all... you can either acquire more/better resources (which costs money) or you can try to get law enforcement to reduce the demand for those resources (guess which one is better for the bottom line)...

an important thing to note, however, is that the law isn't likely to be any more effective at addressing the problem of cyber crime than it is at addressing the problem of regular crime... as such, hinting around about solving the malware problem (of which cyber crime is a part) as the article does is misleading... the law alone isn't going to do it, the law in combination with other tactics isn't going to do it, the law is just an additional measure to help mitigate the problem...

2 comments:

Anonymous said...

This would be in line with what you posted before:

http://www.snpx.com/cgi-bin/news55.cgi?target=185716166?-1313&WT.svl=bestoftheweb5

kurt wismer said...

yup, those kinds of automated tools help av companies keep up with the malware...

there's also the automated malware classification technology out of sabre security that i reblogged about a little while ago... and microsoft even has their own behavioural automated malware classification technology...

companies that aren't investing in automation r&d are probably going to be left behind, but i don't know that there are any av companies like that...