
Malware Defense History

by Dr. Nikolai Bezroukov.

Copyright: Dr. Nikolai Bezroukov 1994-2013. Unpublished notes. Version 0.80, October 2013



Chapter 3: Architectural Methods of Malware Defense

Low adaptability of malware

There is a general law that the more a particular organism is adapted to a particular environment, the more sensitive it is to even the slightest changes in that environment.

This law holds for malware too, and exploring how it plays out in historical context is one of the reasons for writing this book. A change of environment is often deadly for malware. Like any highly specialized organism, it is very sensitive to the slightest changes in the OS or, in the case of network-aware malware, in the TCP/IP network configuration.

Monocultures are also more susceptible to diseases.

In a way, malware is a result of the PC monoculture, with Windows as the dominant system. The fact that the dominant system is Windows rather than Linux does not matter: for any other dominant OS there would be enough research to uncover flaws that can be exploited by malware.

For any type of malware, the author makes multiple implicit choices about the environment, since he wishes to exploit some minor flaw of that environment for propagation. That means that a slight change (for example, a patch) might kill the ability of a particular piece of malware to propagate.

But things are more complex than that. Out of an infinite number of Windows configurations, the malware author needs to orient himself toward the most common configuration. Any move "left or right" from this "most common" Windows environment means that the malware will be unable either to infect the PC, or to propagate, or both.