The state of software security in early 1990 was abysmal; vendors relied on security through obscurity and were slow to patch or improve the security of their products. This changed with full disclosure, which forced software vendors to adopt effective security policies and practices. The antivirus industry of today looks much like the software industry of 1990. The effectiveness of existing solutions is stagnant or decreasing, and vendors mislead their customers about the capabilities of their products. This talk explores the idea of bringing full disclosure to the antivirus industry in an attempt to jumpstart innovation and improve the effectiveness of antivirus. We will examine modern virus-writing techniques and explore the implementation of a new metamorphic engine. We will show that the metamorphic engine is capable of evading modern antivirus, and we will make a few recommendations on how detection rates could be improved.
Tim Sally is a computer science undergraduate at the University of Illinois, Urbana-Champaign. He has worked at a Department of Energy-funded research center and at a large defense contractor. His studies are fully funded by the National Science Foundation.