Botnets! Ever increasing Threat!!

[Guest]

[Little Mac]

I think this idea is part of what Comodo is doing when users use the file submission process.  They analyze and create the signature for it.  Not sure the format of the signature, but even if it were something as "simple" as an md5 hash, the odds of there being an illegitimate match are 2¹²⁸ against.  Go to some other stronger crypto sig and the odds go even higher.  If you wonder how big that number is, put it in a scientific calculator... 

LM

[Burillo]

you can't hash polymorphic and metamorphic viruses since they always change their contents :-)))

[venom_zx]

[ at ]Burillo
well the idea was that if the hash was not recognizable, the program would be seen as suspect.

[ at ]gibran
but i guess it's true that programs can be exploited while running ( forgot about that ). well i thought that atleast, more detailed messages could be avoided for users that don't get those.

behavioural fingerprinting sounds more in the direction of leak protection or possible virus scanners.

yea, if software authors made a behavioural signature and code signature. then it would make it even harder to exploit. first exploits would have to be found where these signatures can't change. but programs with plugins might have some pretty varried behaviour.

but i guess it's always nice to not fully have to trust applications.

[Tags:]