|Home||Switchboard||Unix Administration||Red Hat||TCP/IP Networks||Neoliberalism||Toxic Managers|
May the source be with you, but remember the KISS principle ;-)
Bigger doesn't imply better. Bigger often is a sign of obesity, of lost control, of overcomplexity, of cancerous cells
Copyright: Dr. Nikolai Bezroukov 1994-2013. Unpublished notes. Version 0.80.October, 2013
Contents : Foreword : Ch01 : Ch02 : Ch03 : Ch04 : Ch05 : Ch06 : Ch07 : Ch08 : Ch09 : Ch10 : Ch11 : Ch12 : Ch13
Chapter 3: Architectural Methods of Malware Defense
There is general law that the more particular organism is adapted to particular environment, the more sensitive it is to even slightest changes of this environment.
This law holds for malware and is exploration of its action in historical context is one of the resons of writing this book. Change of environment is often deadly for malware. Like any highly specialized organism it is very sensitive to slightest changes in OS or in case they use TCP/IP network configuration.
Also monocultures are more susspetable to deseases
In a way malware is a result of PC monoculture with Windows as the dominant system. The fact that this is Windows not Linux does not matter -- for any other dominant Os there will be enough reserach to uncover flows that can be exploited in malware.
For any type of malware the malware author makes multiple implisit choices about the enviroment as he wishes to expoit what is some minor lows of this enviroment for propotagtion. That means that a sight change (for example patch) might kill the ability of particular malware to propogate.
But things are more complex that that. Out of infinine number of Windows comfigrations, the malware author needs to orient himself on the most common confiuguration. Any move "left or right" from this "most common" Windows environment means that malware will be unable itether to infect PC of propogate or both.