Death of antivirus software imminent

Jonathan Thornburg J.Thornburg at soton.ac.uk
Fri Jan 18 13:16:20 EST 2008


Alex Alten wrote:
> Generally any standard encrypted protocols will
> probably eventually have to support some sort of CALEA
> capability. For example, using a Verisign ICA
> certificate to do MITM of SSL, or possibly requiring
> Ebay to provide some sort of legal access to Skype
> private keys.

I can certainly imagine various countries legislating such backdoors,
and other countries quietly installing them (assuming they aren't
already there for Skype).  And that will certainly help in catching
some fraction of unsophisticated crooks.

But botnets-for-rent are currently making pretty substantial amounts
of money (e.g. for sending spam, or DDoS attacks, or as phishing hosts),
and are increasingly using professionally written malware.
(http://www.cs.auckland.ac.nz/~pgut001/pubs/malware_biz.pdf)

Given the lure of this much "easy money", I think it's much more
likely that the cleverer bad guys will just wrap an un-backdoored ssh
or ssl or ipsec or <other good crypto protocol that's already widely
available> layer inside the backdoored one(s), giving them (continued)
full security.  For better or worse, I think the "bad guys can use
strong crypto" horse left the barn a long time ago.


In a more recent message, Alex Alten wrote:
> the criminals have to design their security system with
> severe disadvantages; they don't own the machines they
> attack/take over so they can't control its software/hardware
> contents easily

I don't see your point -- surely once a machine is "recruited" into
a botnet, the botnet herder can and does load any software s/he wants
onto the "new recruit".


> they can't screw around too much with the IP
> protocol headers or they lose communications with them, and
> they don't have physical access to the slave/owned machines.

In what way has this stopped (or even slowed) the Storm worm,
to name one notorious example?

-- 
-- Jonathan Thornburg (remove -animal to reply) <J.Thornburg at soton.ac-zebra.uk>
   School of Mathematics, U of Southampton, England
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


