Viruses are now getting more sophisticated largely in part due to the quest for efficiency in coding on various operating systems platforms. The latest trend is the emergence of the Frankenstein virus, a virus that builds itself out of pieces your computer knows to be safe (e.g. bits of applications like your word processor, image editor or Web browser).
This will increasingly cause more danger to any computer user because the payload itself may not register as a virus simply because it does not contain any code that is registered to do harm to your computer. In fact, what the payload will do is just to scan your computer for the other bits of application, build up the application on the fly, and commence its hidden agenda. Dangerous? You bet.
However, the fact is that if operating systems prevent dynamic loading of other application codes on the fly, this will become a non-issue. The problem arose because of the quest for efficiency. Re-usability of codes and loading of libraries as and when needed for efficiency memory management has resulted in this unintentional side effects.
There are a couple of ways to resolve this problem though, one of which Apple has already initiated. The AppStore. This solution does not prevent the malware from happening but the simple fact is that you need to be properly registered with an entity before you can distribute your apps in the AppStore. Therefore, if you have purposely distributed a malware/virus through the AppStore, rest assured that the police will be able to find you because your particulars are registered with the entity in charge of the AppStore.
A simple act of code signing will also help reduce the possibility of viruses being installed on to your machine. For those who have registered for a SSL certificate, you will know that there are some verification steps that are needed before you can register an SSL certificate. These verification steps will be able to uniquely identify you if required. Therefore, just by extending the SSL certificate a little further by requiring codes to be signed by something similar to a SSL certifcate, will further enhance the security of an app as developers know that there is a possibility that they can be traced back if they have knowingly put a malware or virus into their programs.
The beauty of extending the SSL certificate process to developing applications is that there is already an existing system in place to identify whether an SSL certificate has been signed by a root authority, who will in-turn ensure that the SSL certificate is issued to a valid entity that can be traced back if necessary.
The above 2 ways do not eliminate the malware / virus problem, but it will give pause to these writers because they know that there will be a way to trace them if they try to do anything funny. However, there will be a side-effect if this kind of protection is in place. Cost of software will go up.
Like it or not, this is a service provided and people need to eat.
No comments:
Post a Comment