Why Spyware is Hard to Control
When you install spyware, it is like giving your bank card and PIN to a complete stranger.
Spyware also causes indirect damage, such as increased network costs.
Spyware is hard to control because the technology to detect it is always one step behind.
It takes about an hour to invent new spyware or to rewrite the source to make it undetectable.
Most viruses do this on an automated basis, so they are unique on each infected computer.
It can take days or even weeks for antivirus vendors to detect these algorithms, while a spyware author can easily adapt to a new one in a matter of hours.
The newest antivirus software has techniques to let spyware run in a secured environment and monitor it for changes.
However, spyware authors strike back with code that breaks out of this environment.
It is also very easy for spyware to detect whether it is running in such an environment, since Windows API calls and addresses are located differently than when running on the real system.
With the ongoing rate of spyware distribution, we need much more than heuristic protection and signature-based detection.
The only valid solution is to assign a portion of the registry and disk to one program.
This way, software cannot access information it is not permitted to read.
This is very impractical for normal computer users.
As always in security, there is a tradeoff between usability and security!
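
The idea of assigning one portion of the disk and registry to each program comes down to an access decision like the one below. This is an added example, not code from the original page; the ProgramPolicy class, the directory layout and the registry key names are constructed for illustration.

```python
import os
import tempfile


class ProgramPolicy:
    """Hypothetical allowance: one disk directory and one registry subtree."""

    def __init__(self, disk_root, registry_root):
        # Canonicalise once so later comparisons use resolved paths.
        self.disk_root = os.path.realpath(disk_root)
        self.registry_root = self._key_parts(registry_root)

    @staticmethod
    def _key_parts(key):
        # Registry key names are case-insensitive and backslash-separated.
        return [part.lower() for part in key.split("\\") if part]

    def may_access_file(self, path):
        # realpath collapses ".." and follows symlinks before comparing.
        target = os.path.realpath(os.path.join(self.disk_root, path))
        try:
            # Whole-component comparison: "app" does not match "app-evil".
            return os.path.commonpath([self.disk_root, target]) == self.disk_root
        except ValueError:  # e.g. paths on different drives on Windows
            return False

    def may_access_key(self, key):
        parts = self._key_parts(key)
        return parts[:len(self.registry_root)] == self.registry_root


def demo():
    # Constructed layout: the program's directory, a sibling, an escaping symlink.
    base = tempfile.mkdtemp()
    app = os.path.join(base, "app")
    os.makedirs(os.path.join(base, "app-evil"))
    os.makedirs(app)
    os.symlink(base, os.path.join(app, "link"))
    policy = ProgramPolicy(app, r"HKCU\Software\Notes")
    return {
        "own file": policy.may_access_file("settings.ini"),
        "dot-dot": policy.may_access_file("../app-evil/data.db"),
        "absolute": policy.may_access_file(os.path.join(base, "app-evil", "x")),
        "symlink": policy.may_access_file("link/secret.txt"),
        "own key": policy.may_access_key(r"hkcu\software\notes\Window"),
        "sibling key": policy.may_access_key(r"HKCU\Software\NotesEvil"),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:12} -> {'allow' if allowed else 'deny'}")
```

This shows only the decision logic. To be effective, the check has to be enforced by the operating system at the moment of access, not by the program being confined.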