2004-09-07
Eager to tarnish Microsoft's shiny new Service Pack 2, the security press managed to spin the most thin and marginal issues into "gaping holes" and "security craters."
Feast of Egos
2004-09-08
Todd Knarr (2 replies)

True. But using a compiler as a BASE for an obfuscator is a relatively simple task. Working in between AST and code generation allows for a fairly robust and irritating compiler. Turn off optimization, and create meaningless sidetracked dependency graphs. The compiler will scribble it out regardless. That entire section of drivel should keep scanners busy, and no jmp tables there. A problem avoided is a problem solved, methinks.
Essentially, the limit of obfuscation is our imagination. As soon as we start doing this, the AV software starts to wobble. They essentially all rely on variants of the same algorithm, capable of scanning for an infinite number of binary regexes in the time it would take to scan for one (barring other constraints, such as cache hits, thrashing in swap hell, etc.).
The point is to detract the matcher algorithm, not to hide it from a human, but to make the simple mathematical tools used in the science of virus detection break. To spew out 10% false positives is a more broken tool than one which just silently hopes that it's not going to find *that* particular variant of malware.
Link to this comment: http://www.securityfocus.com/comments/columns/265/28519#28519
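The comment above leans on the observation that signature scanners match many byte patterns in a single pass over the input, which is why a scanner's cost barely depends on how many signatures it carries, and why an exact byte signature says nothing about a file whose bytes differ even slightly. The block below is an added illustration, not code from the commenter or from any AV product: a small Aho-Corasick multi-pattern scanner run over a constructed buffer. The signature names and byte values (`sig-A`, `sig-B`, `sig-C`, the sample buffers) are made up for the example and stand in for real signatures; they are not indicators of anything.

```python
from collections import deque

# Constructed stand-in signatures (made-up bytes, not real malware indicators).
SIGNATURES = {
    "sig-A": b"\x90\x90\xcc",
    "sig-B": b"MZ\x00\x00",
    "sig-C": b"\xcc\xcc",
}

# Constructed sample inputs: one carries all three patterns, one carries none
# (the bytes of sig-A are interrupted by a single extra byte).
SAMPLE_HIT = b"MZ\x00\x00" + b"A" * 8 + b"\x90\x90\xcc\xcc\x00"
SAMPLE_MISS = b"MZ\x00\x01" + b"A" * 8 + b"\x90A\x90\xcc\x00"


class MultiPatternScanner:
    """Aho-Corasick automaton: every pattern is matched in one pass over the data,
    so scan time grows with the input length, not with the number of patterns."""

    def __init__(self, patterns):
        self.goto = [{}]       # per-state byte -> next state
        self.fail = [0]        # per-state fallback state on mismatch
        self.out = [[]]        # per-state list of pattern names ending here
        self.length = {}       # pattern name -> pattern length (for offsets)
        for name, pat in patterns.items():
            self._add(name, pat)
        self._build_failure_links()

    def _add(self, name, pat):
        state = 0
        for b in pat:
            nxt = self.goto[state].get(b)
            if nxt is None:
                nxt = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                self.goto[state][b] = nxt
            state = nxt
        self.out[state].append(name)
        self.length[name] = len(pat)

    def _build_failure_links(self):
        # Breadth-first over the trie; a state's failure link is the longest
        # proper suffix of its path that is also a path from the root.
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                # Patterns ending at the fallback state also end here.
                self.out[s] = self.out[s] + self.out[self.fail[s]]

    def scan(self, data):
        """Return [(name, start_offset), ...] for every pattern occurrence."""
        hits = []
        state = 0
        for i, b in enumerate(data):
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            for name in self.out[state]:
                hits.append((name, i - self.length[name] + 1))
        return hits


def scan_buffer(data, signatures=SIGNATURES):
    """Build the automaton once for the signature set and scan one buffer."""
    return MultiPatternScanner(signatures).scan(data)


if __name__ == "__main__":
    print("hit sample :", scan_buffer(SAMPLE_HIT))
    print("miss sample:", scan_buffer(SAMPLE_MISS))
```

Running it reports all three signatures from a single pass over `SAMPLE_HIT`, including the overlap between `sig-A` and `sig-C`, and nothing at all for `SAMPLE_MISS`, which is the brittleness the commenter is pointing at: a byte-exact signature set has no notion of "almost the same", which is why production scanners layer heuristics and emulation on top of plain pattern matching.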