today I wanna point out this paper on InfoWorld on Herd intelligence. As everybody know, poli-worms can easily change from machine to machine, making hard AntiVirus-companies’ life. Often Antivirus and Anti-Malware are based on signature “finger-print” and for that reason it’s still easy bypass them. In this paper the Author describes how the companies want resolve this problem using Herd Intelligence. Who is the Herd ? Of course here we are !! Yep,.., companies are thinking to use clients computers in order to grab news malware,new virus signature and so for….
The idea is simple, according to the analyst. If attackers are going to attempt to create different attacks for nearly every individual user, then security software vendors must use their customers’ machines as their eyes and ears for discovering and addressing those variants. (from site)
Well, this is an interesting (possible) solution to the problem but what I can’t yet understand is why companies are fixed on fingerprint technologies. Using fingerprint means running after malware, not prevent them and not absolutely block them. What I’m asking to myself till now is: why Antivirus companies don’t use a behavioral detecting technique ? There are many researches on dynamic malware detection based on API sequences and based on data flows that, if well implemented and well planned can really improve the malware prevention, why company don’t invest on this “paradigm shifting” rather then building Client Herd Computers guinea-pigs ?
I’m pretty sure that it will be cheaper, because building Herd Clients’ computers means writing more client-side agents as well as rewrite the software detection. Moreover building herd means teach people to understand that, means teach computer technician to repair news systems, means try to persuade people that the new agent sends only malware information and not sensible information and so on…….
Another problem comes from trusted computer field…. How can we know that the news agents installed on ours machines are safe ? Again, how can we know that these softwares don’t send sensible and/or private information to Antivirus company ? How can we assume that Antivirus company have good intention ?
If we take as example Diebold company and its Voting Machine, it’s pretty easy understanding that these assumptions are really too strong in Internet era.