News:

Help! We're trapped in the computer, and the computer is trapped in 2008! Someone call the time police!

Main Menu

A Theory of Malware

Started by MyndFyre, March 01, 2011, 12:35:32 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

MyndFyre

March 01, 2011, 12:35:32 AM
I was paging through a journal tonight from the ACM and I came across this article that advocated teaching a curriculum about malware in higher education.  I was a little skeptical of this until I read the author's thought "The reason we haven't solved the problem of malware is that we don't have a theory of malware."  Then I went from being a little skeptical to thinking the author was utterly ridiculous.

A theory that could completely encapsulate malware today would be so incredibly generalized (because it would have to encapsulate innumerable systems) that it would provide no value to solving such a problem, I think.

What do you think?  Do you think we just haven't academic-ized the problem enough?
Quote from: Joe on January 23, 2011, 11:47:54 PM
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Quote from: Rule on May 26, 2009, 02:02:12 PMOur species really annoys me.

Sidoh

#1
March 01, 2011, 04:04:02 AM
Probably not, but I think that there would be some benefit to introducing the study of malware to an academic curriculum.  I don't think we're missing a "theory" of malware, but having a better understanding of it would probably help things a bit.

iago

#2
March 01, 2011, 08:10:06 AM
There are plenty of "theories" in security - like how to prove a system is secure. And guess what? They never work. :)

The problem with theories is that they tend to look at a certain set of factors. Pieces, inputs, outputs, calculations, etc. But it turns out that in security, the most dangerous problems are the ones that you don't realize exist (until it's too late). In other words, abusing the system.

A good example is threat modeling. I want a shirt that says, "I'm not in your threat model" - implying that your threat model doesn't (and can't) cover a sufficiently creative hacker.

Chavo

#3
March 01, 2011, 06:06:00 PM

Sidoh

#4
March 01, 2011, 06:35:13 PM
chavo, you're my hero.

iago

#5
March 02, 2011, 12:46:39 AM
At least I spelled everything (more or less) right. :P

Blaze

#6
March 02, 2011, 12:23:36 PM
Quote from: iago on March 02, 2011, 12:46:39 AM
At least I spelled everything (more or less) right. :P


I don't see any misspellings.  :)
And like a fool I believed myself, and thought I was somebody else...

iago

#7
March 02, 2011, 12:42:54 PM
Quote from: Blaze on March 02, 2011, 12:23:36 PM
Quote from: iago on March 02, 2011, 12:46:39 AM
At least I spelled everything (more or less) right. :P


I don't see any misspellings.  :)

Presumably, s/thread/threat/. Unless it's a pun about shirts. In which case, Boo! :)

Chavo

#8
March 02, 2011, 01:14:47 PM
or forum threads
* Chavo pretends the typo was intentional

Sidoh

#9
March 02, 2011, 03:17:57 PM
Hah.  I didn't even notice that.

Don't worry, Chavo, you're still my hero.
Print
Go Up Pages1
User actions