Posted by: Ken Harthun
Malware, Secure Computing, Security, Security management, Vulnerabilities
[Editor's Note (Skoudis): A few years ago, Marcus Sachs mentioned to me an intriguing idea. He said, someday, it is possible that pretty much every system will have some malware on it, just as our bodies are chock full of viruses and bacteria. But, our bodies handle it OK as long as the infection doesn't get out of hand and cause damage. The notion was that it will be impossible to be 100% clean, but you can in fact still be operational if you have good defenses (like the body's immune system). I didn't like hearing what he had to say then, as it sounded defeatist. But, stories like this remind me of that view of the future and make me wonder if we are heading there.]
I have recently cleaned several PCs that showed evidence of infection by Trojans and spamware, yet they were performing fine and behaving themselves on the network; the items were sitting in Symantec’s quarantine, having been caught by the AV engine at some point. I guess you could consider that these machines were infected, similar to someone who had the flu virus in their system, but was not suffering from the illness. In the former case, the AV engine acted as the PC’s immune system; in the latter case, the body’s biological structures and processes to locate, isolate, and/or destroy pathogens are its immune system. This view seems to validate Mr. Sachs’ idea.
With all of the malware, old and new, that is already traveling around the internet, I believe we’ve already reached a certain level of ubiquitous infection, if only of the infrastructure. As malware continues to get more sophisticated, it’s inevitable that some will slip by our defenses and end up on every PC.
We’ll need a better digital immune system to fight it.