Thursday, January 15, 2009

Distributed malware identification

The news about Senthil Cheetancheri's proposal for fighting zero-day attacks with peer-to-peer software that shares information about anomalous behaviour is spread across a lot of security blogs and portals today. It is not that innovative, but it's certainly something nice to think about.

I would go a little further and propose something a little different. We could build a distributed system like SETI-at-home (I've just discovered a very irritating wordpress behaviour when using the "at" symbol!) not to fight malware, but to identify it. Today there are websites where people post information about executables found on their computers and others can vote on whether that piece of software is malicious or not. Mixing information gathered automatically by an agent with votes from people, it would be possible to use the agent not only as a very wide information collection network but also as an antivirus. Additional pieces such as centrally managed white lists (to avoid people exploiting the system to make Windows DLLs be identified as malicious, for example) and behaviour analysis could make it a very effective defense.

That's a very nice case for an open source project!
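To make the idea concrete, here is a small added example (my own sketch, not code from Senthil Cheetancheri's work or from any existing project) of the central piece such a system would need: a registry that keys everything on file hashes, combines agent-submitted anomaly reports with human votes, counts each voter only once per file, and lets a centrally managed white list override any vote so that a known-good Windows DLL cannot be "voted malicious". The class name, thresholds and the sample hashes are all assumptions constructed for the example.

```python
import hashlib
from collections import defaultdict


def sha256_hex(data: bytes) -> str:
    """Hash of the executable's bytes: the key agents and voters agree on."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for real files (not real DLL or malware hashes).
GOOD_DLL = sha256_hex(b"constructed stand-in for a legitimate Windows DLL")
DROPPER = sha256_hex(b"constructed stand-in for an unknown executable")
NEW_TOOL = sha256_hex(b"constructed stand-in for a rarely seen but benign tool")

# Centrally managed white list: a hash listed here can never be voted malicious.
WHITELIST = {GOOD_DLL}


class MalwareRegistry:
    """Hypothetical aggregator for agent reports and user votes (assumed design)."""

    MIN_VOTERS = 3          # below this many distinct voters, votes alone decide nothing
    MALICIOUS_RATIO = 0.6   # share of "malicious" votes needed for a verdict

    def __init__(self, whitelist):
        self.whitelist = set(whitelist)
        self.agent_reports = defaultdict(list)   # hash -> [anomalous? ...]
        self.votes = defaultdict(dict)           # hash -> {voter_id: malicious?}

    def report_from_agent(self, file_hash, anomalous):
        """An agent saw this file; record whether its behaviour looked anomalous."""
        self.agent_reports[file_hash].append(bool(anomalous))

    def vote(self, file_hash, voter_id, malicious):
        """One vote per voter per file: a repeat overwrites, it never adds weight."""
        self.votes[file_hash][voter_id] = bool(malicious)

    def distinct_voters(self, file_hash):
        return len(self.votes.get(file_hash, {}))

    def verdict(self, file_hash):
        # White list is checked first, so vote stuffing cannot reach it.
        if file_hash in self.whitelist:
            return "clean (whitelisted)"
        votes = self.votes.get(file_hash, {})
        anomalous = sum(self.agent_reports.get(file_hash, []))
        if len(votes) >= self.MIN_VOTERS:
            ratio = sum(votes.values()) / len(votes)
            if ratio >= self.MALICIOUS_RATIO:
                return "malicious"
            if ratio <= 1 - self.MALICIOUS_RATIO and anomalous == 0:
                return "clean"
        # Not enough human consensus: fall back on what the agents observed.
        if anomalous > 0:
            return "suspicious"
        return "unknown"


def demo():
    reg = MalwareRegistry(WHITELIST)

    # Abuse attempt: five voters try to get a white-listed DLL flagged.
    for voter in ("v1", "v2", "v3", "v4", "v5"):
        reg.vote(GOOD_DLL, voter, malicious=True)

    # Unknown executable: three agents saw anomalous behaviour, most voters agree.
    for _ in range(3):
        reg.report_from_agent(DROPPER, anomalous=True)
    for voter, is_bad in (("v1", True), ("v2", True), ("v3", True), ("v4", False)):
        reg.vote(DROPPER, voter, is_bad)

    # Rarely seen tool: one agent flagged it; one voter repeats a vote ten times.
    reg.report_from_agent(NEW_TOOL, anomalous=True)
    for _ in range(10):
        reg.vote(NEW_TOOL, "v9", malicious=True)   # still counts as a single voter
    reg.vote(NEW_TOOL, "v2", malicious=False)

    return {
        "dll": reg.verdict(GOOD_DLL),
        "dropper": reg.verdict(DROPPER),
        "tool": reg.verdict(NEW_TOOL),
        "tool_voters": reg.distinct_voters(NEW_TOOL),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The two checks that matter for the abuse case in the post are the white-list lookup happening before any vote is counted, and the per-voter dictionary that collapses repeated submissions into one vote; a real deployment would also want the agent's own reports authenticated, since a forged "anomalous" report is the other obvious way to poison the registry.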

