The Debate.org debate that I am choosing to discuss in this blog post is the debate titled “Malware will come to an end,” which is located at the URL “http://www.debate.org/debates/Malware-will-come-to-an-end/1/”. The initial post in this debate was the “Pro” debater claiming that malware will come to an end because anti-virus software is blocking more malware as it arises and since a lot of new malware is being written with code from previous pieces of malware, all malware will be able to be blocked. The “Con” debater’s main point was that new malware is always being written and it may not use older code, so this method of blocking will not always work.
I chose to write about this debate for a few reasons. First of all, I have had an interest in computers/IT and Computer Security for a long time, so this debate immediately piqued my interest. Next, at my respective IT Support Specialist summer jobs and my job at the University as a Help Desk Consultant, I have participated in countless malware remediation procedures, so I feel confident in saying that malware is an issue that is present in popular culture. Finally, with the UN estimating that nearly 3 billion people will have access to the Internet by the end of this year (Rodriguez “60% of world’s population still won’t have Internet by the end of 2014”) (and this number is rapidly on the rise with projects such as Google’s Project Loon and Internet.org) and malware being mainly spread through infected websites (Acohido “Malware now spreads mostly through tainted websites”), the number of people who are at risk for and are likely to get an infection is on the rise. Due to the spread of Internet access and my personal Interest in this issue, I have decided to discuss this particular topic in my response.
I will be arguing on the “Con” side, being the side that does not believe that malware will come to an end. I feel this way for a variety of reasons which I will elaborate on further in this blog post. Essentially, the programmers who write malware are always looking for ways around things and they are pretty good at doing such. Furthermore, anti-malware software, for right now and for the foreseeable future, it dependent on the Internet, which is a pretty significant issue.
The “Pro” debater said that s/he believes that since computer security companies are constantly releasing anti-malware software and malware definitions and that a lot of malware borrows old code, anti-malware software will eventually block all malware. I find this statement to be false because there is not a finite amount of malware in the world. Just as there are new children being born every day, so too there is new malware being released every day (Pauli “158 new malware created EVERY MINUTE”). There is not a finite amount of malware in the world, so anti-malware software will never be able to block it all, such as the malware the “Con” debater produced.
The “Pro” debater mentioned a news article about an Israeli company, Cyactive, which is developing software to predict the malware that hackers will create and block it before it even exists. However, there is one critical flaw with this system, which is that “CyActive’s detectors are created in CyActive’s cloud” (“The Architecture – CyActive”). With this kind of a system, one would need an active Internet connection to get the malware detectors from CyActive’s servers. As such, this will not help computers which are not connected to the Internet.
Another point that the “Con” debater made is that hackers will not always use code that is already out in the wild and especially when they believe that they can write better, more efficient code. Different code will yield different patterns for anti-malware software to detect, which is another obstacle that is nearly impossible to overcome.
An example of very dangerous malware is targeted malware, such as Stuxnet, which had very specific activation requirements, such as the computer having Siemens Step 7 software installed and there being a Siemens centrifuge spinning at a certain speed (Stark “Mossad’s Miracle Weapon: Stuxnet Virus Opens New Era of Cyber War – SPIEGEL ONLINE”).
I will now give an example of a very difficult to catch piece of malware, despite it being in the wild for a few years now. This malware is called known by the name Zeus. Anybody is able to download the tools to build their own Zeus “botnet” (a group of computers under the control of “command and control” servers to perform tasks) (Macdonald “FortiGuard.com | Zeus: God of DIY Botnets”). Below is a video showing you how to make your own Zeus botnet:
With this kind of information readily available, it is of course no wonder that there are over 700 “Command & Control Servers” online (“Welcome to the ZeuS Tracker”) at the time of this writing (November 20, 2014 1:53AM EST).
As I have shown through many examples and counterexamples, it is unlikely that malware will come to an end.
Acohido, Byron. “Malware Now Spreads Mostly through Tainted Websites.” USA Today.
Gannett, 4 May 2013. Web. 19 Nov. 2014.
Macdonald, Doug, and Derek Manky. “FortiGuard.com | Zeus: God of DIY Botnets.”
FortiGuard.com. FortiGuard. Web. 20 Nov. 2014.
Pauli, Darren. “158 New Malware Created EVERY MINUTE.” The Register. The Register, 6
Nov. 2014. Web. 20 Nov. 2014. <http://www.theregister.co.uk/2014/11/06/158_new_malware_born_every_minute/>.
Rodriguez, Salvador. “60% of World’s Population Still Won’t Have Internet by the End of
2014.” Los Angeles Times. Los Angeles Times, 7 May 2014. Web. 19 Nov. 2014.
Stark, Holger. “Mossad’s Miracle Weapon: Stuxnet Virus Opens New Era of Cyber War –
SPIEGEL ONLINE.” SPIEGEL ONLINE. SPIEGEL ONLINE, 8 Aug. 2011. Web. 20
“The Architecture – CyActive.” CyActive. Web. 20 Nov. 2014.
“Welcome to the ZeuS Tracker.” ZeuS Tracker. Web. 20 Nov. 2014.