Classify malware by economic damage, not technology, say security veterans

The IT security industry should change the way it classifies malicious software to focus on the damage it does, rather than the technical way the software works, according to two industry veterans.

They argue that today's classification system, which tends to focus on the technicalities of malware, neglects a metric that matters far more to users: how the malware tries to steal their money.

"I come from 26 years of technical support, and it irks me that we protect people against things and they don't know what we're protecting them against," said David Perry, global director for education at Trend Micro.

Perry and Anthony Arrott, a colleague at Trend, will present their paper, "New approaches to categorising economically-motivated digital threats," on Friday at a security conference in Vienna.

Take the term "virus." The proper definition of virus is a piece of software that replicates or makes copies of itself and attaches itself to other pieces of software.

But for nonsecurity professionals, it's "taken to mean the universal indication that there is something wrong with their computer, no matter what the cause," Perry said. Toss in relatively newer terms such as "Trojan horse," "dialer" and "adware" and the situation becomes a mix of confusing vocabulary.

Perry and Arrott stop short of proposing a new taxonomy. However, they do detail some parameters that should be considered when building a new framework to categorise Web threats.

Although malware categorisation systems exist, a new one is necessary because of the focus on economic crime. The "business" models behind the malware are far easier to define than the infinite technical variations that the malware can take, they write.
