356lecture09

Behavior blocking software integrates with the


to identify the malware
•  limited to the detection of known malware

second generation: heuristic scanners
•  uses heuristic rules to search for probable malware instances
•  another approach is integrity checking

third generation: activity traps
•  memory-resident programs that identify malware by its actions rather than its structure in an infected program

fourth generation: full-featured protection
•  packages consisting of a variety of anti-virus techniques used in conjunction
•  include scanning and activity trap components and access control capability

Generic Decryption (GD)
•  enables the anti-virus program to easily detect complex polymorphic viruses and other malware while maintaining fast scanning speeds
•  executable files are run through a GD scanner which contains the following elements:
   •  CPU emulator
   •  virus signature scanner
   •  emulation control module
•  the most difficult design issue with a GD scanner is to determine how long to run each interpretation

Host-Based Behavior-Blocking Software
•  integrates with the operating system of a host computer and monitors program behavior in real time for malicious action
•  blocks potentially malicious actions before they have a chance to affect the system
•  blocks software in real time so it has an advantage over anti-virus detection techniques such as fingerprinting or heuristics

limitations
•  because malicious code must run on the target mac...
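The three GD components named above (CPU emulator, signature scanner, emulation control module) and the "how long to run each interpretation" design issue, as an added example that is not part of the lecture notes: a toy Python GD scanner over a constructed 4-byte instruction set of my own (not a real architecture), with a constructed sample whose payload is stored XOR-encoded and decoded by a short loop at run time. The signature, payload address and step budget are all assumptions chosen for the demo. The static scanner misses every encoded variant; the GD scanner finds the signature once the emulated loop has decoded it, but only if the step budget is large enough to let the loop finish.

```python
"""Toy generic-decryption (GD) scanner: CPU emulator + signature scanner +
emulation control module. Everything here is constructed for illustration."""

# Constructed toy ISA: every instruction is 4 bytes (op, a, b, c); two registers.
HALT, XORM, INC, DEC, JNZ, MOVI, NOP = 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
INSN = 4
PAYLOAD_AT = 0x40                 # assumed address of the encoded payload
SIGNATURE = b"TOY-SIG:DEMO"       # constructed signature of the decoded payload


def assemble(insns):
    """Pack (op, a, b, c) tuples into a bytes image, one 4-byte slot each."""
    out = bytearray()
    for op, a, b, c in insns:
        out += bytes([op, a & 0xFF, b & 0xFF, c & 0xFF])
    return bytes(out)


def build_sample(key: int, leading_nops: int = 0) -> bytes:
    """Constructed 'polymorphic' sample: NOP padding, a XOR decode loop, then
    the payload XOR-encoded with `key`. Changing key or padding changes the
    bytes of every variant while the run-time behaviour stays the same."""
    assert INSN * (leading_nops + 7) <= PAYLOAD_AT, "decryptor must fit before payload"
    loop_head = INSN * (leading_nops + 2)        # address of the XORM instruction
    decryptor = [(NOP, 0, 0, 0)] * leading_nops + [
        (MOVI, 0, PAYLOAD_AT, 0),        # r0 = pointer into payload
        (MOVI, 1, len(SIGNATURE), 0),    # r1 = bytes left to decode
        (XORM, 0, key, 0),               # mem[r0] ^= key
        (INC, 0, 0, 0),                  # r0 += 1
        (DEC, 1, 0, 0),                  # r1 -= 1
        (JNZ, 1, loop_head, 0),          # loop until r1 == 0
        (HALT, 0, 0, 0),
    ]
    code = assemble(decryptor)
    image = bytearray(PAYLOAD_AT + len(SIGNATURE))
    image[:len(code)] = code
    image[PAYLOAD_AT:] = bytes(b ^ key for b in SIGNATURE)
    return bytes(image)


def step(mem: bytearray, regs: list, pc: int):
    """CPU emulator: execute one instruction, return next pc or None on HALT."""
    op, a, b, _ = mem[pc:pc + INSN]
    if op == HALT:
        return None
    if op == XORM:
        mem[regs[a]] ^= b
    elif op == INC:
        regs[a] = (regs[a] + 1) & 0xFF
    elif op == DEC:
        regs[a] = (regs[a] - 1) & 0xFF
    elif op == MOVI:
        regs[a] = b
    elif op == JNZ:
        if regs[a] != 0:
            return b
    elif op != NOP:
        raise ValueError(f"bad opcode {op:#x} at {pc:#x}")
    return pc + INSN


def signature_scan(mem: bytes) -> bool:
    """Virus signature scanner: plain byte-pattern match over a memory image."""
    return SIGNATURE in bytes(mem)


def gd_scan(image: bytes, max_steps: int, scan_every: int = 8) -> dict:
    """Emulation control module: run the sample in the emulator, rescan the
    emulated memory every `scan_every` steps and at HALT, and give up once
    `max_steps` instructions have been interpreted. Returns the verdict and
    why it was reached, so the effect of the step budget is visible."""
    mem, regs, pc, steps = bytearray(image), [0, 0], 0, 0
    while pc is not None and steps < max_steps:
        pc = step(mem, regs, pc)
        steps += 1
        if (pc is None or steps % scan_every == 0) and signature_scan(mem):
            return {"detected": True, "steps": steps, "reason": "signature found after decoding"}
    reason = "halted clean" if pc is None else "step budget exhausted"
    return {"detected": False, "steps": steps, "reason": reason}


if __name__ == "__main__":
    for key, nops in ((0x5A, 0), (0xC3, 3)):
        sample = build_sample(key, nops)
        print(f"variant key={key:#x} nops={nops}: static={signature_scan(sample)}",
              f"gd(20 steps)={gd_scan(sample, 20)}", f"gd(200 steps)={gd_scan(sample, 200)}")
```

With the 12-byte constructed signature the decode loop needs 4 instructions per byte plus setup, so a budget of 20 steps stops after five bytes are decoded and the sample is reported clean with reason "step budget exhausted"; a budget of 200 lets the loop finish and the scan succeeds. That gap is exactly the design tension the notes describe: a larger budget catches slower decoders but costs scanning time on every file.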

This note was uploaded on 02/11/2014 for the course CS 356 taught by Professor Danmassey during the Spring '13 term at Colorado State.
