Re: Malware Triangle

From: kurt wismer (kurtw_at_sympatico.ca)
Date: 11/20/04

  • Next message: kurt wismer: "Re: Malware Triangle"
    Date: Sat, 20 Nov 2004 00:26:28 -0500
    
    

    Richard S. Westmoreland wrote:

    > I have developed a new theorem on the associations of the various malware we
    > deal with on a regular basis. It started out as a way to classify the
    > primary Internet threats, such as viruses, spam, and spyware, and then I
    > realized that the other threats were just blended characteristics of those
    > 3. Then once this was mapped out on the triangle, I saw another
    > association - 3 smaller triangles formed the solutions that combat those
    > threats - antivirus, antispam, and antispyware. They tend to overlap.
    >
    > I have been studying another triangle - the 3 pillars of security
    > (Confidentiality, Integrity, and Availability), and notice that those match
    > up with the Malware Triangle. (That comparison is not on the site yet)
    >
    > Please share your opinions/comments on this:

    well, on the positive side i like the number 3...

    other than that the relationships seem to be overly simplistic or in
    some cases just plain wrong...

    for example, spam doesn't belong anywhere near a malware diagram... it
    is not a threat to anything other than your time and/or your pocketbook
    (if you happen to get suckered into buying something)... in the grander
    sense i suppose it's also a threat to the usefulness of email in
    general, but it's no more a threat than being exposed to advertising on
    tv or in a magazine or on the side of the highway...

    then there's this supposed relationship between spyware and adware,
    only they aren't related... adware, by its very nature, 'advertises'
    it's presences and it's actions while spyware does pretty much the
    opposite... their only real commonality is that they're both (usually)
    non-replicating malware... by the way, adware doesn't necessarily
    gather any information, that's more of a spyware trait - any adware
    that does so happens to also be spyware...

    phishing is spam with spyware-like intent but that's about as close as
    it gets...

    this juxtaposition of "zombie" and "trojan" seems pretty telling as to
    what you think trojans are supposed to be, but i assure you the class
    is much broader than just remote administration tools... furthermore
    RAT's are not closely related to either viruses or spyware - the
    distinguishing characteristic of spyware is that it surreptitiously
    sends information to a 3rd party (effectively providing a one-way
    transmission) whereas a RAT allows the 3rd party to control the pc
    (which is a 2-way transmission or at the very least a one-way
    transmission in the opposite direction)... the distinguishing
    characteristic of a virus is that it self-replicates however there
    aren't that many self-replicating RATs....

    the relationship between worms and viruses is another misfire as one is
    generally considered to be a subset of the other (though which is the
    subset and which is the superset is debatable)... worms are definitely
    not viruses + spam... there's even a good argument to be made for virus
    = worm...

    -- 
    "maxwell can tell he's in hell
    just wants you to visit him there
    same old game that he's playin'
    his rules are never fair"
    

  • Next message: kurt wismer: "Re: Malware Triangle"

    Relevant Pages

    • Re: Spontaneous pop-ups in IE6
      ... parasites, malware, spyware, adware, worms and viruses, thus, no one program ... Parasites, malware, spyware, adware all may require ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Re: ****** What SP2 does not solve ******
      ... > already had solutions for such as viruses and Trojans. ... > months we had anew security patch from Microsoft and other Windows ... > current and most lethal security threats we face namely Spyware:(. ...
      (microsoft.public.windowsxp.general)
    • computer slow and freezes
      ... Probably a bunch of Spyware, Adware, and/or Viruses. ... Lavasoft), I removed 387 objects from her computer and now ...
      (microsoft.public.windowsupdate)
    • Re: Freezing
      ... Scan for viruses ... Scan for adware & spyware ... Check Event Viewer for clues ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Keyboard and Mouse sharing
      ... they do want it to, keeps changing their home page, finds viruses, ... adware and spyware every time they run some anti-virus software. ...
      (uk.comp.sys.mac)