Saturday, July 01, 2006

Undetectable Malware

This is scary - undetectable malware:

So what can the OS manufacturers do about this? As mentioned many times previously: better logging of system and application activity, so that you can turn on auditing, track every single action taken by the system, and query the log to pinpoint specific activities and the user accounts or processes performing them.

Also, as noted in previous posts, Microsoft's current design for DCOM and RPC makes this pretty much impossible. Some changes are needed to those as well as to the underlying system.

Ideally there would also be a way to turn this logging on and off to improve system performance, along with a very tight tracking mechanism for WHEN it is turned on and off.

This would render undetectable malware...a bit more detectable.
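An illustration of the query and on/off tracking ideas above, added here and not part of the original post: it reads an audit trail, reports the windows in which logging was switched off and by whom, and flags records that contradict the toggle history. The record layout, the `AUDIT_ON`/`AUDIT_OFF` action names and all accounts and process names are assumptions constructed for the example.

```python
from datetime import datetime

# Constructed sample records, not from a real system: (time, account, process, action)
SAMPLE_LOG = [
    ("2006-07-01T09:00:00", "SYSTEM", "auditd.exe", "AUDIT_ON"),
    ("2006-07-01T09:05:10", "alice", "winword.exe", "FILE_WRITE"),
    ("2006-07-01T09:20:00", "svc_backup", "mgmt.exe", "AUDIT_OFF"),
    ("2006-07-01T09:45:00", "svc_backup", "mgmt.exe", "AUDIT_ON"),
    ("2006-07-01T09:50:30", "bob", "updater.exe", "SERVICE_INSTALL"),
    ("2006-07-01T10:10:00", "bob", "cmd.exe", "AUDIT_OFF"),
    ("2006-07-01T10:12:00", "bob", "updater.exe", "FILE_WRITE"),
    ("2006-07-01T10:30:00", "alice", "mgmt.exe", "AUDIT_OFF"),
]

def parse(log):
    return [(datetime.fromisoformat(t), a, p, act) for t, a, p, act in log]

def who_did(log, action):
    """Query: which (account, process) pairs performed the given action."""
    return sorted({(a, p) for _, a, p, act in parse(log) if act == action})

def audit_gaps(log):
    """Return (blind_windows, anomalies) derived from the on/off toggle records."""
    windows, anomalies = [], []
    auditing = None  # None = unknown, True = on, False = off
    opened = None    # (time, account) of the AUDIT_OFF that started the current gap
    for ts, acct, proc, act in parse(log):
        if act == "AUDIT_OFF":
            if auditing is False:
                anomalies.append((ts, acct, "AUDIT_OFF while already off; an AUDIT_ON record is missing"))
            else:
                opened = (ts, acct)
            auditing = False
        elif act == "AUDIT_ON":
            if auditing is True:
                anomalies.append((ts, acct, "AUDIT_ON while already on; an AUDIT_OFF record is missing"))
            elif opened:
                windows.append({"off": opened[0], "on": ts, "off_by": opened[1], "on_by": acct})
                opened = None
            auditing = True
        elif auditing is False:  # ordinary activity logged inside a blind window
            anomalies.append((ts, acct, f"{act} by {proc} recorded while auditing was off"))
    if opened:  # auditing was never switched back on
        windows.append({"off": opened[0], "on": None, "off_by": opened[1], "on_by": None})
    return windows, anomalies

if __name__ == "__main__":
    windows, anomalies = audit_gaps(SAMPLE_LOG)
    print(*windows, *anomalies, who_did(SAMPLE_LOG, "SERVICE_INSTALL"), sep="\n")
```

The toggle records are only as trustworthy as the store that holds them, which is why the tracking of on/off events has to be tighter than the rest of the log.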