Ask WINE: Are We Safer Today? Evaluating Operating System Security through Big Data Analysis presented at 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats 2012

by Tudor Dumitras, Petros Efstathopoulos,

Tags: Statistics Telemetry


Summary : The Internet can be a dangerous place: 800,000 new mal- ware variants are detected each day, and this number is growing at an exponential rate—driven by the quest for economic gains. However, over the past ten years operating-system vendors have introduced a number of security technologies that aim to make exploits harder and to reduce the attack surface of the platform. Faced with these two conflicting trends, it is difficult for end- users to determine what techniques make them safer from Internet attacks. In this position paper, we argue that to answer this question conclusively we must ana- lyze field data collected on real hosts that are targeted by attacks—e.g., the approximately 50 million records of anti-virus telemetry available through Symantec’s WINE platform. Such studies can characterize the factors that drive the production of malware, can help us understand the impact of security technologies in the real world and can suggest new security metrics, derived from field ob- servations rather than small lab experiments, indicating how susceptible to attacks a computing platform may be.