Anti-virus and other security products form the most visible part of cyber-defence but, unfortunately, perhaps the most reactive. Other, more proactive components of the defence are user education and general computer hygiene. What is often overlooked is that we, as the security industry, have several ways of exerting real financial pressure on the bad guys. Such pressure is proactive and potentially a very effective tool for making computing ecosystems safer.
Certain technologies are well suited to providing technical support for applying economic pressure to the players in a computing ecosystem. By cleverly employing trust metrics and technologies such as digital signing, watermarking and PKI in strategically selected places we can encourage good behaviours and punish bad ones. For example, security products and services often employ blacklisting and whitelisting of individual software packages; it is significantly more effective to apply this classification to the developers, software houses, distribution channels (for example application monetization solutions operated by companies like Perion, Iron Source, etc.) and software distribution points (app markets and app stores), so that one bad package taints everything that shares its signer or its channel. More granular reputations reflecting degrees of trust are an effective approach too, and we will give examples of ranking the reputation of Android developers.
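The shift from per-package to per-developer classification can be shown in a few lines. The following is an added illustration, not code from the paper or from any product it mentions: it folds per-package verdicts into a reputation for each signing key (the developer identity that Android and Authenticode both make cheap to verify but costly to replace), and then lets every package inherit its signer's decision. The package names, key fingerprints, verdicts, weights and thresholds are all constructed for the example.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample inventory (hypothetical packages and key fingerprints, not
# real data): package name, signing-key fingerprint, per-package scanner verdict.
SAMPLE_APPS: List[Tuple[str, str, str]] = [
    ("com.acme.notes",       "KEY-ACME",   "clean"),
    ("com.acme.calendar",    "KEY-ACME",   "clean"),
    ("com.acme.weather",     "KEY-ACME",   "clean"),
    ("com.acme.launcher",    "KEY-ACME",   "pua"),        # one unwanted app
    ("com.shady.flashlight", "KEY-SHADY",  "clean"),      # looks clean on its own
    ("com.shady.cleaner",    "KEY-SHADY",  "malicious"),
    ("com.shady.wallpaper",  "KEY-SHADY",  "clean"),
    ("com.newdev.game",      "KEY-NEWDEV", "clean"),      # no history yet
]

# How much each per-package verdict counts against its signer (assumed weights).
VERDICT_WEIGHT = {"clean": 0.0, "pua": 0.5, "malicious": 1.0}


def developer_profiles(apps, prior_weight=2.0, prior_score=0.5):
    """Fold per-package verdicts into one profile per signing key.

    score is a smoothed 'badness' in [0, 1]:
        (sum of verdict weights + prior_weight * prior_score) / (packages + prior_weight)
    The prior keeps a signer with a single clean package from looking better
    than a signer with a long clean history.
    """
    acc: Dict[str, Dict] = defaultdict(
        lambda: {"apps": 0, "bad": 0.0, "malicious": False}
    )
    for _pkg, signer, verdict in apps:
        p = acc[signer]
        p["apps"] += 1
        p["bad"] += VERDICT_WEIGHT[verdict]
        p["malicious"] = p["malicious"] or verdict == "malicious"
    for p in acc.values():
        p["score"] = (p["bad"] + prior_weight * prior_score) / (p["apps"] + prior_weight)
    return dict(acc)


def developer_decision(profile, block_at=0.6, trust_at=0.3, min_apps=3):
    """Map a signer profile to allow / review / block (thresholds are assumed).

    One confirmed malicious package taints the key outright; otherwise the
    smoothed score and the amount of history decide.  A signer with too little
    history stays in 'review' even when everything it shipped looks clean.
    """
    if profile["malicious"] or profile["score"] >= block_at:
        return "block"
    if profile["apps"] >= min_apps and profile["score"] <= trust_at:
        return "allow"
    return "review"


def package_decisions(apps):
    """Per-package decision inherited from the signer, not from the package's own verdict."""
    profiles = developer_profiles(apps)
    by_signer = {signer: developer_decision(p) for signer, p in profiles.items()}
    return {pkg: by_signer[signer] for pkg, signer, _ in apps}


if __name__ == "__main__":
    for signer, p in developer_profiles(SAMPLE_APPS).items():
        print(f"{signer:12s} apps={p['apps']} score={p['score']:.2f} -> {developer_decision(p)}")
    for pkg, decision in package_decisions(SAMPLE_APPS).items():
        print(f"  {pkg:24s} {decision}")
```

The point of the example is the last function: `com.shady.flashlight` carries a clean per-package verdict yet is blocked because it shares a signing key with a malicious package, while `com.acme.launcher`, flagged as unwanted, is still allowed because its signer has a long clean record. Keying the reputation on the signer is what makes the financial lever work: a developer who burns a key must pay for a new identity, new certificate and a fresh, untrusted history.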
We shall look at several ecosystems (Windows, Android, iOS) and slice them into several sub-systems where rather separate rules apply:
- Authenticode digital signing for Windows software
- Official Google Play for Android vs third-party markets
- Advertisement-supported software for mobile platforms and ad libraries
- Software protected with obfuscating tools (aka packers) and how watermarking and the IEEE taggant system affect this problem space
- Advertisement-supported monetization of software for Windows and IEEE taggant v2
We shall analyse the monetary tools available (for example, membership fees and/or subscriptions) attached to the technological means (certificates, credentials, etc.) and how they affect developers and software distribution chains. We will discuss and compare the cost of building reliable defences against the cost to the attackers in each of these scenarios. We shall demonstrate how a sensible financial policy can be crafted to promote safety by disincentivising bad behaviours without inconveniencing genuine players.