Compiler with built-in AV = No virus development?
11-10-2019
Question
Is it possible to produce compilers that heuristically check for malware behaviour? If it is possible, why hasn't it been implemented? Wouldn't that strongly help prevent the production of such viruses? I mean, why wait to stop them once they are out there?
Even if these people use a compiler that does not use the "proposed" built-in AV, a personal AV could detect that and grade the file as risky (sort of like SSL certificates).
Answer
You're making a lot of assumptions:
- That the virus writers couldn't disable the built-in AV of any open-source (or even closed-source) compilers. Given how DRM is consistently and quickly broken, this seems unlikely.
- That the virus writers couldn't simply use an existing pre-AV compiler.
- That the virus writers couldn't create their own non-AV compiler.
- That there are no legitimate programs that would trigger the compiler's AV heuristics.
- That today's compiler writers can accurately predict and model all current and future AV behavior in order to produce a heuristic that is even remotely effective.
Seems to me like it's a non-starter.
Your comment about using non-AV compilers is essentially "code signing", and has been a common practice for years (decades?). The barrier there, however, is distribution of certificates, and coming up with a reasonable list of trusted signers. They're big enough problems that no one's found a way to solve them yet without severely limiting the usefulness of computers.
For even more information closely related to this subject, see this paper by Ken Thompson.
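The code-signing model the answer compares this idea to, as an added example in Go (not code from the original post): the artifact carries its producer's public key and a signature over its bytes, and the verifier's real decision is whether that producer is on its trust list. The `TrustStore` type, the verdict strings and the generated keys are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Verdicts a verifier can return for a signed artifact.
const (
	Trusted         = "trusted signer, valid signature"
	BadSignature    = "signature does not match the artifact"
	UntrustedSigner = "valid signature, but the signer is not in the trust list"
)

// SignedArtifact: the bytes, the producer's public key, and a signature over the bytes.
type SignedArtifact struct {
	Bytes     []byte
	SignerKey ed25519.PublicKey
	Signature []byte
}

// Sign binds an artifact to the producer's private key.
func Sign(priv ed25519.PrivateKey, artifact []byte) SignedArtifact {
	return SignedArtifact{artifact, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, artifact)}
}

// TrustStore is the "reasonable list of trusted signers"; curating and distributing it is the hard part.
type TrustStore map[string]bool
func (ts TrustStore) Add(pub ed25519.PublicKey) { ts[hex.EncodeToString(pub)] = true }

// Verify checks the signature first, then whether the signer is one we trust.
func Verify(ts TrustStore, sa SignedArtifact) string {
	if !ed25519.Verify(sa.SignerKey, sa.Bytes, sa.Signature) {
		return BadSignature
	}
	if !ts[hex.EncodeToString(sa.SignerKey)] {
		return UntrustedSigner
	}
	return Trusted
}
func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed keys for the demo
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)          // a builder nobody has vetted
	ts := TrustStore{hex.EncodeToString(vendorPub): true}
	bin := []byte("constructed sample program bytes")
	fmt.Println(Verify(ts, Sign(vendorPriv, bin))) // trusted
	fmt.Println(Verify(ts, Sign(otherPriv, bin)))  // untrusted signer: the signature itself is fine
	tampered := Sign(vendorPriv, bin)
	tampered.Bytes = []byte("constructed sample program bytes, modified")
	fmt.Println(Verify(ts, tampered)) // bad signature
}
```

Note that the unknown builder's output is cryptographically valid; only the trust list turns it into a "risky" verdict, which is exactly the list the answer says nobody has found a good way to distribute.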
Other tips
Existing AV generally works with a black-list approach. (Comparing threat signatures against files.) That would be, by definition, almost useless on an entirely new threat.
Every operation you could try to classify would end up blocking a legitimate program; if the operations didn't have a legitimate use, the OS designers would remove them for safety reasons.
There is the classical paper "Reflections on Trusting Trust" by Ken Thompson.