> As an offensive technique, power analysis is quite useful (which is why
> NSA boxes filter their power supplies). As a defensive technique it is
> entirely useless. If all a malware writer has to do is add
> sleep(rand()); into their code a couple places to defeat your
> detection, then you probably shouldn't build a whole company based on
> the hope that they won't someday do that.
Antivirus companies had a good run for the past ~20 years, and many of the most successful multi-billion-dollar post-AV businesses embrace a functionally similar approach - just mentioning APT and cloud-based machine learning a bit more. Analyzing power consumption doesn't offend my sensibilities more than divination from binary signatures or syscall patterns.

The success of the "enumerating badness" approach to security is probably unparalleled by anything else the industry has had to offer in a very long time. So, I'm not sure if your "probably shouldn't" is a valid concern.

One could lament so much money and resources being tied up in solutions that will probably not stop an interesting victim from getting owned, but then, what would? The only thing that probably works well is hiring a top-notch security team and giving them sweeping powers - but good candidates are in extremely short supply and are hard to tell apart from quacks.

/mz

_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
