Skip to Content
Uncategorized

Norman Sandbox Won’t Work

Scott Fulton at BetaNews just published an uncritical puff piece about computer-security firm eEye’s new antivirus product, Blink.

The main thrust of the article is that Blink will be able to find and detect brand-new viruses by running suspect programs in a virtual machine and observing their behavior:

The Norman SandBox, Maiffret described, is a fast, stand-alone virtual machine, which tests the code of executables to see whether they’ll do interesting things, such as changing the Windows System Registry startup keys, or some very interesting things, such as connect to an IRC chat server somewhere in Russia.

Rather than scan everything all the time, however, the new Blink will scan newly discovered executables, and may perhaps rescan them if, for instance, their patterns or file size appears to have changed. But if it’s the same executable, by default, Blink will only scan it once.

Unfortunately, this approach is pretty easy for a would-be virus writer to avoid. For example, the “virus” could perform its malicious activity only if it receives user input (which it is unlikely to receive in a virtual machine but likely to receive if it pops up a window). Or the virus could check to see if it is running in a virtual machine using technology that is now readily available.

Of course, the real problem with this approach is that it’s theoretically impossible to look at a program and figure out what it’s going to do. This is just another recasting of Turing’s famous “halting problem.” Even running the program in a virtual machine won’t tell you what it’s going to do once you run it in the wild.

Keep Reading

Most Popular

AV2.0 autonomous vehicles adapt to unknown road conditions concept
AV2.0 autonomous vehicles adapt to unknown road conditions concept

The big new idea for making self-driving cars that can go anywhere

The mainstream approach to driverless cars is slow and difficult. These startups think going all-in on AI will get there faster.

biomass with Charm mobile unit in background
biomass with Charm mobile unit in background

Inside Charm Industrial’s big bet on corn stalks for carbon removal

The startup used plant matter and bio-oil to sequester thousands of tons of carbon. The question now is how reliable, scalable, and economical this approach will prove.

AGI is just chatter for now concept
AGI is just chatter for now concept

The hype around DeepMind’s new AI model misses what’s actually cool about it

Some worry that the chatter about these tools is doing the whole field a disservice.

images created by Google Imagen
images created by Google Imagen

The dark secret behind those cute AI-generated animal images

Google Brain has revealed its own image-making AI, called Imagen. But don't expect to see anything that isn't wholesome.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.