Winning the war on cyber-crime

The Web 2.0 model can help fight cyber-crime through malicious code sharing.
By Jeremy Matthews, Head of Panda Security's African operations.
Johannesburg, 22 May 2008

The revolution caused by the printing press took several centuries to be catalysed. For a long, long time the press was no more than a good invention. A huge number of people could not read, and back then, books were no more than objects for the learned.

When the Internet started to be developed in the 1970s, the situation was very similar: it was a system only for experts, for the privileged few who knew how to use a computer and had access to one. However, as with the printing press, the revolution took place: many people learned to read, and in the '90s, the Web spun its spindles worldwide, finding its way into millions of homes globally.

Although nowadays books are very common, UNESCO calculates that in the year 2000, around 90 million people were illiterate. And, if the Internet reached 1 100 million users in 2006 (according to the IDC), today, there are still many people who are technologically illiterate. That is not to speak of the functionally technologically illiterate, who use the Internet but have no idea of what they are doing or how it works.

Another major issue is the monopoly of the old "Internet 1.0" concept of the Web: a system where a select and 'privileged' few make information available to the rest of the users. A kind of commercial - albeit enlightened - despotism.

Fortunately, times are changing. Now, the Internet is a truly collaborative entity. There are many manifestations of this new trend, the most obvious perhaps being Wikipedia - the encyclopaedia in which entries are created, completed, corrected and/or changed by the Internet community at large. In this way, Internet users provide free knowledge for everyone.

Sharing knowledge

This system can be applied to an area of IT that until now has been based on the old model: anti-malware security. Given the current malware situation, the huge volume of malicious code in circulation cannot all reach the research laboratories. Sharing all malicious code is thus instrumental in ensuring it is effectively detected.

In the same way as an encyclopaedia can be built by gathering the knowledge of all Internet users, collecting information on all the malware installed on Internet users' computers creates a system of "collective intelligence". This system is capable of detecting many more threats than traditional signature-based systems.

Implementing this model of Web 2.0 will be challenging. Firstly, the malware needs to be collected from the computers connected to the Internet, and to do this, malware needs to be clearly defined. In traditional anti-virus systems, it was very clear: if the virus laboratory of an anti-virus company had received a certain code and identified it as malicious, it was classified as malware and added to the virus signature file.

However, nowadays there is so much malware circulating in the Internet that it is impossible for the laboratories to receive samples of all malicious code. Therefore, a system is needed that can automatically identify a malicious code without needing a specialised technician to analyse it.

Security 2.0

Technology is sufficiently developed for a malware detection system to exist that does not rely on previous knowledge of each specimen.

Only certain characteristics of the code need to be detected to classify it as harmful. For example: extremely few legitimate programs capture keystrokes and send them out through an open TCP port. Therefore, the probability of a program that does this being malware is extremely high. The same applies to many suspicious actions that give away malicious software.

Once the program causing the problems has been detected, it is sent for in-depth analysis and to be catalogued and added to the virus database to be used by Internet users. Therefore, any other user with this same malware can take advantage of the fact that another computer connected to the Internet somewhere in the world has also fallen victim to this code.
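As an added illustration (not from the article or from Panda's own system), the following Python sketch runs the two steps just described over constructed telemetry: a process is convicted only when it shows the keystroke-capture plus outbound-TCP combination, and its binary hash is then published to a shared set so a second host running the same file is caught without repeating the analysis. Host names, process names, hashes and behaviour labels are all placeholders invented for the example.

```python
from collections import defaultdict

# Constructed telemetry: (host, process, hash of the binary, observed behaviour).
# All names, hashes and behaviour labels are placeholders invented for this example.
EVENTS = [
    ("host-A", "notepad.exe",  "hash-legit-1",   "file_write"),
    ("host-A", "svchosts.exe", "hash-unknown-9", "keyboard_hook"),
    ("host-A", "svchosts.exe", "hash-unknown-9", "tcp_send"),
    ("host-B", "svchosts.exe", "hash-unknown-9", "file_read"),    # same binary, quiet so far
    ("host-B", "ime.exe",      "hash-legit-2",   "keyboard_hook"), # input-method editor: hooks keys, never sends
]

# Behaviour combinations that legitimate software almost never shows together.
# A single indicator (e.g. a keyboard hook alone) is deliberately not enough.
SUSPICIOUS_COMBOS = [
    (frozenset({"keyboard_hook", "tcp_send"}), "captures keystrokes and sends them over TCP"),
]

def behaviour_profile(events):
    """Collect the set of behaviours seen for each (host, process, binary hash)."""
    profile = defaultdict(set)
    for host, proc, digest, behaviour in events:
        profile[(host, proc, digest)].add(behaviour)
    return profile

def classify(events, shared_db):
    """Return {(host, process): verdict}. shared_db is the collective set of
    binary hashes any participant has already convicted; it is updated in place."""
    profile = behaviour_profile(events)
    verdicts = {}
    # Pass 1: behavioural detection on any host publishes the convicted hash.
    for (host, proc, digest), behaviours in profile.items():
        for combo, reason in SUSPICIOUS_COMBOS:
            if combo <= behaviours:
                shared_db.add(digest)
                verdicts[(host, proc)] = f"malware: {reason}"
                break
    # Pass 2: every other host benefits from the shared verdict without re-analysis.
    for (host, proc, digest) in profile:
        if (host, proc) in verdicts:
            continue
        verdicts[(host, proc)] = ("known-bad (shared detection)" if digest in shared_db
                                  else "clean")
    return verdicts

if __name__ == "__main__":
    db = set()
    for key, verdict in classify(EVENTS, db).items():
        print(key, "->", verdict)
```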

All of the computers in the world can now automatically share malware solutions and detections online at www.infectedornot.com. This Web site allows users worldwide to check their computers, and any unknown threats detected are sent to a database of new malware, which is shared with the rest of the community.

This is Web 2.0 technology in its purest state - helping security to attain previously unknown levels of efficiency and making security merely another commoditised feature of the Internet community.

* Jeremy Matthews is head of Panda Security's sub-Saharan operations.