All of us who follow the security side of the IT industry daily have noticed an alarming trend: malware is being developed and changed at a pace that anti-malware developers find almost impossible to follow. We all run the risk of being overwhelmed one day.
Markus Jakobsson over at IT World has a few thoughts and suggestions on the subject.
On the premise that there are secure ways to find out about all the software installations on every computer, and that it’s easy to collect various kinds of data from these computers (such as geographic location, the type of OS and the programs installed), he believes anti-malware software could detect new malware because it knows the circumstances under which the software was installed.
He gives some examples. Some types of malware (mainly those that spread through Wi-Fi and Bluetooth channels) spread by proximity, so information about the location of the machine can be a valuable parameter in detecting them.
Other types of malware spread through connected computers. Here he doesn’t mean computers physically connected in a network, but computers connected through their owners, via address books the virus can use for spreading.
In both of those cases, the anti-malware program doesn’t even have to look at the code. The installation circumstances alone can indicate a high probability that the software in question is malicious.
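A sketch of how installation circumstances alone could be scored, added here as an illustration and not taken from Jakobsson's article: for one piece of software, it measures what fraction of installs followed an earlier install on a nearby machine or on a machine whose address book lists the new host. The function names, the 100 m radius and all sample records are assumptions constructed for this example.

```python
import math

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def spread_score(installs, contacts, radius_km=0.1):
    """Fraction of installs (after the first) that follow an earlier install
    on a nearby host or on a host whose address book contains this host."""
    installs = sorted(installs, key=lambda e: e["time"])
    explained = 0
    for i, cur in enumerate(installs[1:], start=1):
        for prev in installs[:i]:
            near = km_between(cur["loc"], prev["loc"]) <= radius_km
            linked = cur["host"] in contacts.get(prev["host"], set())
            if near or linked:
                explained += 1
                break
    return explained / (len(installs) - 1) if len(installs) > 1 else 0.0

# Constructed sample data: install reports for three different programs.
CAFE = [  # three machines a few metres apart, minutes between installs
    {"host": "a", "time": 0, "loc": (59.3293, 18.0686)},
    {"host": "b", "time": 5, "loc": (59.3294, 18.0687)},
    {"host": "c", "time": 9, "loc": (59.3293, 18.0688)},
]
MAIL = [  # far apart, but each host is in the previous owner's address book
    {"host": "d", "time": 0, "loc": (59.3293, 18.0686)},
    {"host": "e", "time": 3, "loc": (51.5074, -0.1278)},
    {"host": "f", "time": 7, "loc": (40.7128, -74.0060)},
]
CONTACTS = {"d": {"e"}, "e": {"f"}}  # owner's host -> hosts in their address book
SCATTERED = [  # unrelated installs: no proximity, no address-book link
    {"host": "g", "time": 0, "loc": (35.6762, 139.6503)},
    {"host": "h", "time": 4, "loc": (-33.8688, 151.2093)},
    {"host": "i", "time": 8, "loc": (30.0444, 31.2357)},
]

if __name__ == "__main__":
    for name, data in (("cafe", CAFE), ("mail", MAIL), ("scattered", SCATTERED)):
        print(name, spread_score(data, CONTACTS))
```

A high score is a reason to prioritise the software for analysis, not a verdict, since a managed rollout in a single office would cluster in the same way.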