undefined | Better HN

0 pointsvarunsharma073y ago0 comments

If there was a way to know the behavior of NotPetya and realize that it has code to do things that M.E.Doc (the tax preparation program that was backdoored) was not supposed to do, that could have been used as a way to reject its installation. We are far away from being able to do such analysis at scale, but my point is that it is ultimately the behavior of software that makes it malicious or not.

0 comments

MattPalmer10863y ago

I don't think that is possible for any software that isn't completely trivial. It's related to the halting problem.

If you are relying on detecting behaviour, then you have to run it.

NotPetya did nothing abnormal until it was triggered by the response to a normal network call. The first opportunity to block it would be when it was triggered.

So you could not have blocked the install by this method.

You can detect likely malicious behavior and contain those systems, which would have helped.

j / k navigate · click thread line to collapse