change the nature of the malicious code problem. Historically, new generations
of hardware and software have provided opportunities for new threats. As
examples, the emergence of DOS led to the creation of DOS viruses, adoption of
Windows 95 has led to new Windows 95 viruses, and the adoption of macro
languages into Microsoft Office products has in turn led to completely new types
of wildlife.

Moving forward, as more home users have continuous (cable or DSL based)
connections to the Internet, there will be a much greater opportunity for the
spread of computer worms. Luckily, most of our current anti-virus technology
can be adapted to provide protection against such threats, as long as they are
copied to the user's hard drive. To protect against worms which reside only in
memory (and don't get copied to the actual hard drive), personal firewalls could
become much more of a necessity. In particular, as people become more and
more dependent on the World Wide Web and new macro/script-enabled,
Internet-enabled applications, the opportunity for worms to spread will only
increase. Generalized content-filtering personal/corporate firewalls will be
required to provide robust protection against these threats.

In the end, the best way to prevent e-mail and other script-based worms is for the
developers of the vulnerable software to build in security and make it easily
configurable. This would provide a clear protection benefit to customers.

The increased dependence on the Internet will also potentially change the
landscape with respect to malicious ActiveX and Java. Two scenarios will likely
play out. On the one hand, we expect to see little growth in malware posted to
truly-stationary web-sites. Such web sites have a great deal of incentive to make
sure such threats don't get posted because of their clear traceability. On the
other hand, we do expect the number of attacks to increase on seemingly
stationary, yet anonymous web sites such as GeoCities; since such sites are
effectively anonymous, the risk of getting caught is much smaller. Unfortunately,
common end users may not always realize that a given web site is actually
anonymous. Greater education of the mainstream computer user will be the best
mechanism for prevention in these cases. Web site certification programs and
software-based-filtering may also provide appropriate security.

Regardless of exactly how these scenarios play out, we will probably see the
growth of ActiveX/Java zoo viruses. Current anti-virus technologies
EICAR Proceedings 1999
(fingerprinting) can be used to detect these zoo threats, but they will be largely
useless against an adversary who wants to cause real damage or steal
money/information from users. Java/ActiveX-filtering personal/corporate firewalls
will be required to provide robust protection against these threats. Also, behavior
blockers will become increasingly important; these products will likely evolve and
become more usable in the coming months and years.

Finally, the threat from traditional Trojan horses will continue to grow. Since
users can anonymously post Trojans on public communications channels
(USENET newsgroups) or e-mail them to private not-so-savvy users, it is likely
that we will see an increase in this type of threat. Current fingerprinting
technology could help detect such malicious applications in some instances;
however, new Trojan horses will be largely impervious to fingerprinting or even
heuristic protection. Once again, behavior blockers will help to detect and prevent
some attacks by Trojan horses. Content filtering (preventing anonymous users'
posts) may also be one of the most effective measures against this type of threat.
Any time we can make a user feel accountable (and locatable) for his/her
actions, we will expect to see the associated malicious code threat diminish.

Possible Alternative Future Scenarios

Using history as a guide, we could also come up with an alternative scenario in
which the threat of malware actually decreases. Just as some advances in
hardware and software have caused an increase in new types of threats, other
advances have actually slowed the growth of certain types of threats. For
example, as mentioned above, the emergence of Windows has led to an
increase in new Windows viruses. On the other hand, as Windows has been