Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.

Recent Items
 
Standards as Arbitrary Solutions to Recurring Problems
 
Easy trouble-free use of IT tops the list
 
Maturing UML and Increasing Expressiveness
 
More Open Than Open
 
Removing Complexity Makes Less Better
 
Your Computer Is Insecure. Bad planning, eh?
 
Certification of Network-Attached Components?
 
Reputation and Community Trust of Download Files
 
The PITAS from PITAC And the Emperor's Security Cloak
 
Collaborative Development Spurs Open-Source Arrangements

Archives
2004-06-13
2004-06-20
2004-06-27
2004-08-29
2004-09-05
2004-09-12
2004-09-19
2004-10-10
2004-10-24
2004-11-07
2004-11-28
2004-12-05
2004-12-12
2004-12-26
2005-01-30
2005-02-06
2005-03-06
2005-03-13
2005-03-20

Repairing Aberrant Behavior: But Is That the Threat?

ACM News Service: Supersmart Security.  I notice that there is a great deal of interest these days in systems that detect odd behavior of applications and find some way to fence it in or even re-establish a fresh copy.  The motivation is finding an active approach to repairing a system that has been compromised.  This is an interesting question, but I find myself puzzled about the problem being solved, especially when we talk about perturbing code so that exploits can't rely on a consistent pattern to apply their malevolent transformations against.  I suspect that measure will only have temporary success, if the past is any guide here.

A greater concern for me is whether this is the main or even most-serious threat?  It is addressed to a symptom of compromise that might not deal with attacks that are really against higher levels in the application stack and intended to compromise data and users and the business system, not damage the computer.  And it raises tremendous trust concerns for the security software itself.  I already can't be sure my firewall is really working, and I am not sure a root kit, my main worry, is caught by this sort of thing (nor do I expect to see this sort of thing on consumer PCs anyhow).

The Gary Anthes 2005-03-21 ComputerWorld article has more for digging deeper.  I am simply not sure that system damage is the most prevalent threat or even the intention of most attackers, yet this seems to be the focus of this article, which links compromise and damage together: "For some time, we have been losing the battle against those who would damage our computer systems. That's because computers are increasingly interconnected and the software they run is more complex. Both factors increase vulnerability to infection and intrusion."

---

[updated 2005-03-24T18:00Z I've been bravely posting directly from my Blog This! bookmarklet, but it means less spell-checking.  This one had a howler that I couldn't overlook.

posted by orcmid at 3/24/2005 08:55:00 AM, rating data by NewsGator Online