They Get Paid for This?
Recently, Microsoft Research published a “paper” regarding the detection of hidden files on a Windows system, ostensibly for the purpose of detecting rootkits, Trojans, keyloggers and some forms of spyware. I can sum it up for you completely in one sentence: take a full directory listing, reboot from a clean OS CD, take another listing, and then compare the two, looking for files that did not show up in the first one. This completely obvious idea takes up 5 full double-spaced pages and is replete with popular movie references; the idea that one would need an analogy to understand such a blindingly obvious idea is actually insulting. It looks like the papers I used to write the night before they were due back in college. At any rate, I have a few thoughts about this paper.
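The cross-view comparison the post describes, as an added example that is neither the paper's nor the post's own code: it assumes both listings were exported as `path|size|mtime` lines, uses constructed sample data, and treats the volatile-path exclusion list as a hypothetical tuning knob for the system being examined.

```python
"""Cross-view diff: compare a directory listing taken from inside the running
system with one taken after booting clean media; anything the live view omits
is the interesting result. Constructed sample data, not from a real system."""
from typing import Dict, Iterable, Tuple

Listing = Dict[str, Tuple[int, str]]  # normalised path -> (size, mtime)
# Paths expected to differ between the two views; excluded to cut noise (assumed list).
VOLATILE_PREFIXES = ("c:\\pagefile.sys", "c:\\hiberfil.sys", "c:\\windows\\temp\\")


def parse_listing(lines: Iterable[str]) -> Listing:
    """Parse 'path|size|mtime' lines. NTFS paths are case-insensitive, so keys
    are lower-cased; otherwise casing differences between the two listing
    tools would show up as spurious hidden files."""
    listing: Listing = {}
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            path, size, mtime = line.split("|")
            listing[path.lower()] = (int(size), mtime)
    return listing


def is_volatile(path: str) -> bool:
    return path.startswith(VOLATILE_PREFIXES)


def cross_view_diff(inside: Listing, outside: Listing) -> Dict[str, list]:
    """hidden: in the clean-boot view but missing from the live view (something
    hiding from the running OS); changed: in both views with a different size
    or mtime; live_only: only in the live view (usually transient files)."""
    hidden = sorted(p for p in outside if p not in inside and not is_volatile(p))
    changed = sorted(p for p in outside if p in inside and outside[p] != inside[p] and not is_volatile(p))
    live_only = sorted(p for p in inside if p not in outside and not is_volatile(p))
    return {"hidden": hidden, "changed": changed, "live_only": live_only}


# Constructed listings: 'inside' from the running OS, 'outside' after a clean boot.
INSIDE_LISTING = """
c:\\Windows\\System32\\ntoskrnl.exe|2180000|2005-01-10T08:00:00
c:\\Windows\\System32\\drivers\\ndis.sys|182000|2005-01-10T08:00:00
c:\\pagefile.sys|536870912|2005-03-01T09:12:00
c:\\Windows\\Temp\\tmp01.tmp|12|2005-03-01T09:15:00
""".splitlines()
OUTSIDE_LISTING = """
c:\\windows\\system32\\ntoskrnl.exe|2180000|2005-01-10T08:00:00
c:\\windows\\system32\\drivers\\ndis.sys|183500|2005-02-28T23:59:00
c:\\windows\\system32\\drivers\\sample_hidden.sys|40960|2005-02-28T23:58:00
c:\\pagefile.sys|536870912|2005-03-01T09:30:00
""".splitlines()


def demo() -> Dict[str, list]:
    return cross_view_diff(parse_listing(INSIDE_LISTING), parse_listing(OUTSIDE_LISTING))
```

Only the `hidden` list is evidence of concealment; `changed` and `live_only` are mostly ordinary churn between the two boots and need a human to triage.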
The first is that I am glad that Microsoft is spending some effort in the anti-spyware realm. This is a much bigger problem than the average computer user realizes and even bigger than some IT personnel care to admit (to their customers, at least). I expect to see much more research to come out of Microsoft in the coming years with regard to spyware detection, prevention and mitigation, especially in light of their newly acquired Microsoft AntiSpyware product.
Having said this, I will reiterate that this “paper” describes an idea that, while currently effective, is so blatantly obvious that I can’t believe that they took the time to write it down, let alone take 14 screenshots of WinDiff in what was clearly an effort to legitimize the work. Also, they didn’t even take the time to seriously investigate how a piece of malware could circumvent this technique and what could be done about that (I have already thought of a way to circumvent this that I’m pretty sure they haven’t thought of).
The real issue with this paper is not that they wrote it, but that I believe these Microsoft researchers will now attempt to patent it. It is no secret that the state of software patents in the United States has been seriously damaged for some time, and papers like this only add to the flow of frivolous patent applications. Personally, I would like to see Microsoft attempt to come up with something original in the anti-spyware space rather than waste my tax dollars in the pursuit of undeservedly extending their monopoly position.