August 25, 2012

IT Security, The Frankenstein Way

Here's a riddle: When is a computer virus not a dangerous piece of malware? Answer: when it is hidden as Frankenstein code. 

The Economist (25 August 2012) describes how computer viruses are now being secretly passed into computers, by simply sending a blueprint for the virus rather than the harmful code itself into your computer--then the code is harvested from innocuous programs and assembled to form the virus itself. 

Like the fictional character, Frankenstein, that is stitched together out of scavenged body parts, the semantic blueprint pulls together code from host programs to form the viruses. 

This results is a polymorphic viruses, where based on the actual code being drawn from other programs, each virus ends up appearing a little different and can potentially mask itself--bypassing antivirus, firewall, and other security barriers. 

Flipping this strategy around, in a sense, Bloomberg Businessweek (20 June 2012) reports on a new IT security product by Bromium that prevents software downloads from entering the entire computer, and instead sets aside a virtual compartment to contain the code and ensure it is not malicious--and if the code is deemed dangerous, the cordoned-off compartment will dissolve preventing damage to the overall system.

So while on the offensive side, Frankenstein viruses stitch together parts of code to make a dangerous whole--here on the defensive side, we separate out dangerous code from potentially infecting the whole computer.  

Computer attacks are getting more sinister as they attempt to do an end-run around standardized security mechanisms, leading to continually evolving computer defenses to keep the Frankensteins out there, harmless, at bay.

(Source Photo: here with attribution to Dougal McGuire)


No comments: