is the day of the virus scanner over?

I have noticed a new trend emerging over the past couple of years: the virus writers are out-pacing the virus detectors. First, consider the clampi/zeus virus, which I wrote about in 2009. This virus was being used to steal banking credentials and was very successful. Of note was that up-to-date virus scanners were not detecting the clampi virus.

Then, last year, information came to light on the “stuxnet” virus. This virus has recently been “cracked” by Ralph Langner. He presented his findings at TED (see the video here). The summary of his presentation was that the virus was very advanced and written to attack specific systems involved in the refinement of uranium in Iran. This is the stuff of spy movies.

Note that the clampi and stuxnet viruses have the following things in common:

  1. they were not detected by virus scanners,
  2. they were designed to be stealthy and not to damage the host computer,
  3. they were targeted in their attacks.

So, what can we make of this new trend? Virus detection seems to be losing the battle against the truly sophisticated virus writers, and this is not a good trend. As computers contain more sensitive information, such as banking records or nuclear secrets, they will become targets of attack. And, since the virus writers are outpacing the virus defenders at the moment, it is difficult to trust any system connected to the Internet, whether it has a virus scanner or not.

One option that might become useful in the future is a computer that runs its operating system inside a virtual machine, such as one provided by VMware. A virtual operating system loads from a static image. Though the running VMware guest might get infected with a virus, the virus itself does not infect the static image from which the guest is loaded. (At least not yet.) Basically, the virtual operating system is protected from a persistent virus threat because it reloads the operating system from that image with every reboot.
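The protection described above rests on the static image staying clean, which is exactly the “at least not yet” caveat. As an added example (not code from the original post), the following POSIX shell script records a SHA-256 baseline of a golden image and refuses to boot if the image no longer matches; the image path, baseline file and `demo` function are hypothetical, and it assumes `sha256sum` (or `shasum`) is installed.

```shell
#!/bin/sh
# Added example: verify a VM's golden (static) image against a recorded
# baseline before booting, so that a change that did persist into the image
# itself is detected instead of being silently reloaded on every reboot.
# Assumes coreutils sha256sum or perl shasum; paths below are hypothetical.

# hash_file FILE: print the SHA-256 hex digest of FILE.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# record_baseline IMAGE BASELINE: store the image's digest as the known-good value.
record_baseline() {
    hash_file "$1" > "$2"
}

# verify_image IMAGE BASELINE: return 0 if the image still matches, 1 otherwise.
verify_image() {
    expected=$(cat "$2" 2>/dev/null) || return 1
    actual=$(hash_file "$1")
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Demo on a constructed stand-in for a disk image (a small file, not a real VMDK).
demo() {
    dir=$(mktemp -d)
    img="$dir/golden.img"
    base="$dir/golden.sha256"
    printf 'clean base image\n' > "$img"
    record_baseline "$img" "$base"
    verify_image "$img" "$base" && echo "image intact: safe to boot"
    # Simulate a modification that survived into the static image.
    printf 'persisted change\n' >> "$img"
    verify_image "$img" "$base" || echo "image tampered: do not boot"
    rm -rf "$dir"
}

demo
```

In practice the baseline would be kept somewhere the guest cannot write to, such as the host or read-only media, since a baseline the guest can rewrite proves nothing.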

Of course, this means that making real persistent changes to the operating system, such as installing new software, becomes very difficult. So difficult, in fact, that we probably won’t see people using virtual operating systems for a while…

Meanwhile, the search goes on for a better method to protect systems against persistent virus infections.