Trinidad and Tobago Guardian (tobagotoday.co.tt), July 5th 2017
How Artificial Intelligence is taking on Ransomware
NEW YORK - Twice in the space of six weeks, the world has suffered major attacks of ransomware - malicious software that locks up photos and other files stored on your computer, then demands money to
It's clear that the world needs better defenses, and fortunately those are starting to emerge, if slowly and in patchwork fashion. When they arrive, we may have artificial intelligence to thank.
Ransomware isn't necessarily trickier or more dangerous than other malware that sneaks onto your computer, but it can be much more aggravating, and at times devastating. Most such infections don't get in your face about taking your digital stuff away from you the way ransomware does, nor do they shake you down for hundreds of dollars
Despite those risks, many people just aren't good at keeping up with security software updates. Both recent ransomware attacks walloped those who failed to install a Windows update released a few months earlier.
Watchdog security software has its problems, too. With this week's ransomware attack, only two of about 60 security services tested caught it at first, according to
"A lot of normal applications, especially on Windows, behave like malware, and it's hard to tell them apart," said Ryan Kalember, an expert at the California security vendor
HOW TO FIND MALWARE
In the early days, identifying malicious programs such as viruses involved matching their code against a database of known malware. But this technique was only as good as the database; new malware variants could easily slip through.
So security companies started characterizing malware by its behavior. In the case of ransomware, software could look for repeated attempts to lock files by encrypting them. But that can flag ordinary computer behavior such as file compression.
Newer techniques involve looking for combinations of behaviors. For instance, a program that starts encrypting files without showing a progress bar on the screen could be flagged for surreptitious activity, said Fabian Wosar, chief technology officer at the New Zealand security company Emsisoft. But that also risks identifying harmful software too late, after some files have already been locked up.
An even better approach identifies malware using observable characteristics usually associated with malicious intent - for instance, by quarantining a program disguised with a PDF icon to hide its true nature.
This sort of malware profiling wouldn't rely on exact code matches, so it couldn't be easily evaded. And such checks could be made well before potentially dangerous programs start running.
MACHINE VS. MACHINE
Still, two or three characteristics might not properly distinguish malware from legitimate software. But how about dozens? Or hundreds? Or even thousands?
For that, security researchers turn to machine learning, a form of artificial intelligence. The security system analyzes samples of good and bad software and figures out what combination of factors is likely to be present in malware.
As it encounters new software, the system calculates the probability that it's malware, and rejects those that score above a certain threshold. When something gets through, it's a matter of tweaking the calculations or adjusting the threshold. Now and then, researchers see a new behavior to teach the
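Added example (not part of the original article): a minimal sketch of the score-and-threshold step described above, using a naive Bayes classifier as a stand-in for whatever models vendors actually use. The feature names echo the characteristics mentioned in the article; the training samples and the 0.8 threshold are constructed for illustration.

```python
from math import prod

# Binary characteristics taken from the article's examples.
FEATURES = ("bulk_encrypts_files", "no_progress_ui", "document_icon_on_executable")

# Constructed training samples: (feature vector, label); 1 = malware, 0 = benign.
TRAINING = [
    ((1, 0, 0), 0),  # archiver compressing a folder
    ((1, 0, 0), 0),  # backup tool
    ((0, 0, 0), 0),  # text editor
    ((0, 1, 0), 0),  # background updater
    ((1, 1, 0), 0),  # scheduled disk-encryption job
    ((0, 0, 0), 0),  # media player
    ((1, 1, 1), 1),
    ((1, 1, 0), 1),
    ((1, 1, 1), 1),
    ((0, 1, 1), 1),
]

def train(samples):
    """Bernoulli naive Bayes: per-class prior and smoothed feature rates."""
    model = {}
    for label in (0, 1):
        rows = [x for x, y in samples if y == label]
        prior = len(rows) / len(samples)
        # Laplace smoothing keeps an unseen feature from forcing probability 0.
        rates = [(sum(r[i] for r in rows) + 1) / (len(rows) + 2)
                 for i in range(len(FEATURES))]
        model[label] = (prior, rates)
    return model

def malware_probability(model, x):
    """P(malware | observed characteristics) under the trained model."""
    joint = {
        label: prior * prod(p if bit else 1 - p for p, bit in zip(rates, x))
        for label, (prior, rates) in model.items()
    }
    return joint[1] / (joint[0] + joint[1])

def verdict(model, x, threshold=0.8):
    """Reject software whose score reaches the threshold."""
    return "block" if malware_probability(model, x) >= threshold else "allow"

MODEL = train(TRAINING)

if __name__ == "__main__":
    for x in [(1, 0, 0), (1, 1, 0), (1, 1, 1)]:
        print(x, round(malware_probability(MODEL, x), 3), verdict(MODEL, x))
```

With these samples, file encryption alone scores low, encryption without a progress bar lands in between, and only the full combination clears the threshold, which is the trade-off the threshold adjustment controls.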
AN ARMS RACE
On the flip side, malware writers can obtain these security tools and tweak their code to see if they can evade detection. Some websites already offer to test software against leading security systems. Eventually, malware authors may start creating their own machine-learning models to defeat security-focused artificial intelligence.
Dmitri Alperovitch, co-founder and chief technology officer at the California vendor CrowdStrike, said that even if a particular system offers 99 percent protection, "it's just a math problem of how many times you have to deviate your attack to get that 1
Still, security companies employing machine learning have claimed success in blocking most malware, not just ransomware. SentinelOne even offers a $1 million guarantee against ransomware; it hasn't had to pay it yet.
A FUNDAMENTAL CHALLENGE
So why was ransomware still able to spread in recent weeks?
Garden-variety anti-virus software - even some of the free versions - can help block new forms of malware, as many are also incorporating behavioral-detection and machine-learning techniques. But such software still relies on malware databases that users aren't typically good at keeping up to
Next-generation services such as CrowdStrike, SentinelOne and Cylance tend to ditch databases completely in favor of machine
But these services focus on corporate customers, charging $40 to $50 a year per computer. Smaller businesses often don't have the budget - or the focus on security - for that kind of protection.
And forget consumers; these security companies aren't selling to them yet. Though Cylance plans to release a consumer version in July, it says it'll be a tough sell - at least until someone gets attacked personally or knows a friend or family member who has.
As Cylance CEO Stuart McClure puts it: "When you haven't been hit with a tornado, why would you get tornado insurance?" (AP)
Congo declares end to Ebola outbreak after 4 deaths
KINSHASA, Congo - Congo's health minister has declared an end to the country's Ebola outbreak.
Health Minister Oly Ilunga Kalenga said in a statement Saturday that Congo has officially gone 42 days with no new recorded cases of the deadly virus. The health minister says the outbreak killed four of the eight people infected.
Officials announced the outbreak in May, saying it began in Bas-Uele province in Congo's remote northeast in the Likati zone, some 1,400 kilometers (870 miles) from the capital, Kinshasa.
The World Health Organization called it the eighth outbreak of the hemorrhagic fever in Congo since 1976.
None was connected to the massive outbreak in Guinea, Liberia and Sierra Leone that left more than 11,300 dead. That outbreak was declared finished a year ago.
Driver ticketed for strapping furniture, bicycles to roof
CONCORD, N.H. - One New Hampshire driver should've heeded the old advice that you can't take it with you.
WMUR-TV reports a minivan pulled over on Wednesday had furniture, bicycles and boxes strapped to the roof and a wheeled basket dangling over the back window. There was also a furniture dolly hanging against a driver's side window.
The items on the roof doubled the height of the van, which was pulled over going north on Interstate 93 near Londonderry.
State police posted a picture of the van
Police are warning people to avoid driving with too many items strapped to the tops of their vehicles. They say the number of items on the van constituted a haz-
Police issued the driver a ticket for negligent driving and having an uninspected