Saturday, November 19, 2005

In The Future

Many of the viruses we discussed are no longer a threat because anti-virus companies targeted them long ago and impeded their ability to spread. And although modern file infector and macro viruses continue to uphold the destructive traditions of their elders, boot sector viruses are slowly fading away.
“Boot record viruses are on their way out,” Nachenberg says. “They used to comprise the majority of infections that our customers would see, and today, they’re just a blip on the screen. The difference is the newer versions of [today’s] operating systems are designed in such a fashion that, in many cases, boot record viruses are neutered—they’re not able to spread.”
Widespread use of anti-virus software also contributes to the decline of boot sector viruses. But when new viruses appear, they still don’t always go away quickly, often due to the extensive process involved with eliminating the threat and shoring up any possible vulnerability. “Vulnerabilities have lives of their own,” says Kevin Houle, a member of Carnegie Mellon’s CERT Coordination Center’s technical staff. “When a new vulnerability is discovered, we typically see activity related to that vulnerability for two or three years. There’s a patch cycle where vendors will release security updates, and administrators and consumers need to apply those security patches to protect their systems. But that takes time.”
Time is a crucial factor in the battle against viruses, and emerging viruses promise to make researchers spend much more of it to identify and eliminate them. In fact, a new virus type is causing significant unrest: Highly complex metamorphic viruses go to great lengths to avoid detection. W32.Simile, discovered in March 2002, uses entry-point obscuring, metamorphism, and polymorphic decryption.
“History is a great teacher,” Nachenberg says. “I think we will continue to see these threats evolving to take advantage of the capabilities of the newer computers, and also evolving with respect to their attempts to avoid detection by anti-virus software.”
Houle agrees: “I have no reason to believe that in the short term we will see [these viruses] disappear . . . for the foreseeable future, sites and organizations connected to the Internet should expect, and take preparations so they can defend against, self-replicating viruses.”

