A suggestion of how to solve these attacks...
In the last couple of years I've played around with several virtualisation tools - and these, IMHO, suggest a route to solve some of the problems created by modern malware attacks. They all (the ones I've tried, anyway) have the concept of a "virtual hard drive". The clever thing is that some allow the updates to the data in the "virtual drive" to be logged (rather than applied straight away - much like M$ SQL Server writes to the log before the lazy writer comes along and "checkpoints" the database to apply the changes). At the end of a session with a virtual machine - you are then presented with the option to throw away any changes made to the drive during the session - or apply them, so the drive comes up with the changes in place next time the machine is rehydrated.

This would allow a savvy user to throw away a session where they knew they had been hit by malware. Less savvy users could store the log - so that if they later found they had been hit, the log might provide an audit trail of all the changes that would need rolling back. I could see anti-malware vendors selling heuristic tools to analyse these logs to make a user aware that they have been hit. As the tools improved - users could be guided through applying/rolling back changes selectively (or you'd have AI sentinels trawling the logs to try to fix problems). This could also be useful to many users that have not been hit by malware - but have simply run a process in error (period end in an accounts package - or something like that).

Virtualisation also offers an "overall" solution to malware threats - this was suggested by someone else - I forget where I read it. A guy was running his kids' sessions on his PC entirely within a virtualisation environment. When they got hit with malware - he simply rehydrated another copy of their initial PC image and let them carry on (after educating them about what got them into trouble, I hope). He remained totally isolated from anything silly they did. Sort of a computer sandbox... I think this approach might be appropriate for a lot of PC users.

Just a few thoughts...

regards
Posted by: dav1dsm1th   Posted on: 08/01/06
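
The write-logged virtual drive described in the post above, sketched as an added example that is not part of the original post: session writes go to a log, the log doubles as an audit trail, and at the end the session is discarded or committed, optionally rejecting selected blocks. The class, method names and 512-byte block size are hypothetical and do not model any particular virtualisation product.

```python
from dataclasses import dataclass, field

BLOCK = 512  # assumed block size in bytes


@dataclass
class LoggedDisk:
    """Base image plus an ordered log of session writes (hypothetical model)."""
    base: dict = field(default_factory=dict)   # block number -> committed bytes
    log: list = field(default_factory=list)    # (block number, new bytes), in write order

    def read(self, block):
        # The newest logged write wins; otherwise fall through to the base image.
        for logged_block, data in reversed(self.log):
            if logged_block == block:
                return data
        return self.base.get(block, bytes(BLOCK))

    def write(self, block, data):
        if len(data) != BLOCK:
            raise ValueError("writes must be exactly one block")
        self.log.append((block, bytes(data)))  # the base image is never touched here

    def audit(self):
        """Return {block: (before, after)} for every block changed this session."""
        changes = {}
        for block, data in self.log:
            changes[block] = (self.base.get(block, bytes(BLOCK)), data)
        return changes

    def discard(self):
        """Throw the session away: the base image is exactly as it was."""
        self.log.clear()

    def commit(self, reject=frozenset()):
        """Apply logged writes to the base image, skipping blocks in `reject`."""
        for block, data in self.log:
            if block not in reject:
                self.base[block] = data
        self.log.clear()


def demo():
    # Constructed sample data: block 0 stands in for a boot block, block 7 for a user file.
    disk = LoggedDisk(base={0: b"B" * BLOCK, 7: b"U" * BLOCK})
    disk.write(7, b"u" * BLOCK)        # legitimate edit
    disk.write(0, b"X" * BLOCK)        # unexpected write to the boot block
    changed = sorted(disk.audit())     # audit trail: which blocks moved
    disk.commit(reject={0})            # keep the edit, roll back the boot block
    return changed, disk.read(0), disk.read(7)
```
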