
Antivirus without the software

April 6th, 2010 by David Bradley

UK research suggests that approximately 97% of businesses have an internet connection and the vast majority of those are now using broadband access. The same research also found that infection with computer viruses, spyware, worms, Trojans, and other malicious software was the biggest single cause of security incidents, accounting for about half of all incidents, with “offline” theft, social engineering, and break-ins accounting for the rest. In other words, improving protection against malware could cut security breaches by half.

A virus is a “malicious” self-replicating program that spreads by inserting copies of itself into other executable code or files.

An antivirus is a program that attempts to identify and remove computer viruses.

Unfortunately, virus writers are a wily group, always one step ahead of the antivirus writers. Moreover, the emergence of any given piece of malware can have an acute impact – a zero-day effect – on the day it enters the wild, before antivirus software can be updated. There are tools such as heuristics and zero-day defences (like PC Tools’ ThreatFire) that can trap such malware. But more recently, virus writers have begun using the techniques of protection themselves, in a relatively new approach known as cryptovirology. This combines cryptographic techniques with viral technologies to strengthen a malicious attack or the hijacking of a computer network by masking the existence of the malicious code from the system’s defences.

As information technology becomes more widespread and expands ever more rapidly into the mobile communication sphere, it seems that the computer security industry must continually take small steps forward as each wave of security-breaching software pushes it back. But if malware writers are exploiting the tools of encryption, then so too might the security industry.

According to Athanasios Karantjias and Nineta Polemi of the Department of Computer Science at the University of Piraeus, Greece, “Although, current antiviral programs try to detect viruses by using static and dynamic methods, all existing methods [inevitably] fail,” when faced with the most advanced, encrypted attacks.

They have now assessed the threat of cryptovirology and investigated how cryptography might be used as a defence. “Even if cryptography is nowadays used to implement untraceable and complex viruses, the same technology can be used to integrate a set of mechanisms that can minimise the possibility and the risks posed by the cryptovirological attacks,” they explain. “Indeed, several cryptography-based measures can be taken to significantly reduce the risk of being infected, implementing mechanisms to detect viruses prior to or immediately following system infiltration.”

Fundamentally, security systems make the unwarranted assumption that malware and unwanted actions on a computer can be recognised, and so stopped. Experience suggests that today there are a multitude of ways in which unwanted activity can be performed (witness the spread of bot-nets) and antivirus software will not necessarily recognise that there is a problem, especially if one adds user culpability into the equation.

Viruses commonly infect or replace system files with their own computer code. At first glance one might assume such changes would be easy to detect. However, virus writers exploiting cryptovirological methods can obfuscate changes very easily. To respond to this, it might be necessary to apply cryptographic protection to system files even before they are installed. If software production could itself embed a cryptographic hash protocol and a section of encrypted code during compilation, so that the code is self-checking once it is installed and run on a machine, then antivirus software might become redundant: such an approach would alert users to infection attempts without recourse to cross-checking against a database of viruses.
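The compile-time self-check described above, as an added illustration that is not code from the post or from Karantjias and Polemi’s paper: a keyed tag (HMAC-SHA256) is appended to a constructed stand-in for a program’s code section at build time and re-verified at run time, so an infection that patches the code is detected without any virus database. The second function shows the caveat a practitioner would check: with a plain, unkeyed hash, whoever can rewrite the file can rewrite the tag as well, so the check needs a key or signature that the host itself cannot reproduce. `BUILD_KEY` and `PROGRAM_CODE` are hypothetical values constructed for the example.

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 digest length in bytes

# Constructed stand-in for a compiled program's code section (not real code).
PROGRAM_CODE = b"\x55\x48\x89\xe5" + b"print('hello')\n" * 8

# Hypothetical build-time key. A real deployment would use a signing key kept
# off the target host; a shared secret on the host is a simplification here.
BUILD_KEY = b"hypothetical-build-key"


def seal(code: bytes, key: bytes) -> bytes:
    """Build step: append a keyed tag (HMAC-SHA256) over the code section."""
    return code + hmac.new(key, code, hashlib.sha256).digest()


def self_check(image: bytes, key: bytes) -> bool:
    """Run step: recompute the tag over the code section, compare in constant time."""
    if len(image) <= TAG_LEN:
        return False
    code, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    return hmac.compare_digest(tag, hmac.new(key, code, hashlib.sha256).digest())


def overwrite(image: bytes, offset: int, data: bytes) -> bytes:
    """Simulate a file-infecting change that patches bytes inside the code section."""
    return image[:offset] + data + image[offset + len(data):]


def keyed_check_detects_tampering() -> bool:
    sealed = seal(PROGRAM_CODE, BUILD_KEY)
    tampered = overwrite(sealed, 4, b"# patched")
    return self_check(sealed, BUILD_KEY) and not self_check(tampered, BUILD_KEY)


def unkeyed_check_is_bypassable() -> bool:
    """Caveat: with a plain hash, whoever rewrites the file can re-seal it too."""
    def plain_seal(code):
        return code + hashlib.sha256(code).digest()
    def plain_check(image):
        return hmac.compare_digest(image[-TAG_LEN:], hashlib.sha256(image[:-TAG_LEN]).digest())
    tampered = overwrite(plain_seal(PROGRAM_CODE), 4, b"# patched")
    resealed = plain_seal(tampered[:-TAG_LEN])  # unkeyed hash recomputed over the patched code
    return (not plain_check(tampered)) and plain_check(resealed)


if __name__ == "__main__":
    print("keyed self-check detects patch:", keyed_check_detects_tampering())
    print("unkeyed self-check can be re-sealed:", unkeyed_check_is_bypassable())
```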

Unfortunately, such an approach would require the software industry, the open source movement, and shareware writers to adopt the same antivirus tactics. That is unlikely ever to happen, and given that any organisation may contain individual programmers who would either maliciously or inadvertently introduce bugs that open up vulnerabilities in such a system, the virus writers probably have little to worry about just yet.

Athanasios Karantjias & Nineta Polemi (2010). Assessment of advanced cryptographic antiviral techniques. Int. J. Electronic Security and Digital Forensics, 3(1), 60-72.



  • Stephen // Feb 9, 2011 at 1:37 am

    Now that the Mac has Unix under the hood, Windows is the only commonly used operating system that is routinely hacked with viruses, worms, etc. The argument that if Linux or the Mac had a higher percentage usage is vacuous. If the virus could get hold of a 24×7 Linux machine, it would be much more valuable, as it’s a server class operating system. So, clearly, the right track is to switch. There aren’t any more excuses. Instead of upgrading to Windows 7, requiring more RAM, put Linux on your old hardware. No RAM required. Some user retraining, yes, but you’d have that with any OS switch.