Randomness Might Improve Security but Layered Protection is Better Bet
Andreas Antonopoulos raises a challenge for anti-virus vendors in a recent article at Network World when he points out that malware writers can test their software against AV programs before deploying it in the wild. He notes that a little chaos may be just what is needed. I think he has pinpointed a real problem, but I'm not so sure about the proposed solution.
For starters, he argues:
It is becoming increasingly evident that malware authors are testing their creations against as many different antimalware suites and versions as they can. The more popular the antimalware system, the more likely malware will be tested against it.
So predictability is the problem, and from Antonopoulos' perspective, it needs to be eliminated:
An attacker need not be superbly intelligent or innovative. They only need to think “outside the box.” The “box” being the rather small set of predictable attacks that the system has been designed to defend against.
He doesn't say how to introduce some randomness, but that is an implementation detail, and I don't think any implementation could avoid a fundamental problem.
The difficulty with introducing true randomness is that we'll have a system that works sometimes and doesn't work at other times. Then it becomes a numbers game: how many devices need to be attacked to guarantee that some number of devices will be successfully compromised? Attackers, backed by the deep pockets of cybercrime, could conceivably start running Monte Carlo simulations and other probabilistic analysis to understand their chances of success.
I think a better approach is multiple layers of countermeasures with different strengths and weaknesses. One countermeasure's weakness is offset by another's strengths. I don't think that one system (even one with randomness) can do it all.
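The "numbers game" above can be made concrete, and the same arithmetic shows why independent layers are the better bet. The following is an added illustration, not code from the original post or from Antonopoulos: it models a control that blocks a given attack with some probability per device, compares a single randomized control with a stack of independent layers, and checks the closed-form expectation against a small Monte Carlo run. The block probabilities (0.9, 0.8, 0.6) and device counts are constructed sample values, not measurements of any real product.

```python
import math
import random
from typing import Sequence


def p_compromise_single(p_block: float) -> float:
    """A single control that blocks the attack with probability p_block on
    each device, independently. The device is compromised when it fails."""
    return 1.0 - p_block


def p_compromise_layered(block_probs: Sequence[float]) -> float:
    """Independent layers with different strengths: the attack succeeds only
    if every layer fails, so the failure probabilities multiply."""
    p = 1.0
    for b in block_probs:
        p *= (1.0 - b)
    return p


def expected_compromised(n_devices: int, p_comp: float) -> float:
    """Expected number of compromised devices out of n_devices attacked."""
    return n_devices * p_comp


def devices_to_reach(target: int, p_comp: float) -> int:
    """Smallest number of devices that must be attacked so that the expected
    number of compromises reaches `target` (the attacker's numbers game)."""
    return math.ceil(target / p_comp)


def p_at_least_one(n_devices: int, p_comp: float) -> float:
    """Probability that at least one of n_devices is compromised."""
    return 1.0 - (1.0 - p_comp) ** n_devices


def simulate(n_devices: int, block_probs: Sequence[float], seed: int = 0) -> int:
    """Monte Carlo run: each device is attacked once; every layer rolls
    independently and the device is compromised only if all layers fail.
    Returns the simulated count of compromised devices."""
    rng = random.Random(seed)
    compromised = 0
    for _ in range(n_devices):
        if all(rng.random() >= b for b in block_probs):
            compromised += 1
    return compromised


if __name__ == "__main__":
    n = 10_000
    single = 0.9              # one control, blocks 90% of the time (constructed)
    layers = [0.9, 0.8, 0.6]  # three weaker, independent layers (constructed)

    ps = p_compromise_single(single)
    pl = p_compromise_layered(layers)
    print(f"single control:   P(compromise)={ps:.3f}  "
          f"expected={expected_compromised(n, ps):.0f}/{n}")
    print(f"layered controls: P(compromise)={pl:.3f}  "
          f"expected={expected_compromised(n, pl):.0f}/{n}")
    print(f"devices to expect 100 compromises: single={devices_to_reach(100, ps)}, "
          f"layered={devices_to_reach(100, pl)}")
    print(f"simulated layered compromises: {simulate(n, layers)}")
```

The point the model makes for a defender: a single control that fails one time in ten hands the attacker a predictable 10% yield, and the only question left is how many devices to hit. Three independent layers that are each individually weaker than that control leave a combined failure rate of 0.1 x 0.2 x 0.4 = 0.8%, and the simulation lands close to that expectation. The caveat is the word "independent": layers that share a weakness (the same signature feed, the same unpatched component) do not multiply this way, which is exactly why the layers should have different strengths and weaknesses.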