Saturday, September 26, 2009

Ants attacking malicious code (or the slow death of antivirus tools II)

Three researchers are working on a new method of detecting malicious code. The approach is basically based on mimicking ant behavior. So far it is in a development stage but has already identified a worm that was purposely introduced into a network of computers. The so called digital ants depend on agents so called "sentinels" installed on each machine, which in report back to so called "sergeants" on the network that are monitored by humans.

According to an article on the system only works in large networks where computers have the same build. Which means: If an "ant" sees a deviation from the standard build it will alert others to inspect what it could be. Just that it does not happen in real-time. Most infections require to act fast (i.e. a keyboard logger are sending your credit card data across as you type). Also the number of ants is concerning...the researches already planning on having 3,000 different type of ants. Is this another signature based approach?

Again a technology that only works in large networks/clouds. What about the typical corporation that has a sales force with laptops that randomly connects to check just email?

Here is the article - Ants vs worms: New computer security mimics nature

1SSA - Security Consulting, Training and Products