Different types of virus detection?
I have been thinking more and more that the industry is going about Malware detection the wrong way...
Who wants to make sure they have the latest virus definitions and other security 'updates' to help keep the peace? It's ugly, and the programmer in me keeps thinking there has to be a better way, 'cos this model sucks...
The end-user generally doesn't understand the nature of these definitions and will often forget to update. This would all be null if they just implemented some basic security measures in the first place (prevention, not cure)... but that's for a different discussion...
I have heard on the wind about a different 'style' of malware-detection software. It can have zero-day malware detection because it's based on the nature of the 'software' rather than some predefined rule-set that needs to be updated. [like semantic, not syntactic]
Can anyone shed some light on this?
Re: Different types of virus detection?
Quote:
I have heard on the wind about a different 'style' of malware-detection software. It can have zero-day malware detection because it's based on the nature of the 'software' rather than some predefined rule-set that needs to be updated. [like semantic, not syntactic]
By this do you imply that this software uses some form of 'intelligent pattern recognition' to classify a program as malware, rather than just matching signatures? Now if some software has this functionality, then I believe it'll have a solid grounding in heuristic approaches, or maybe some sort of sandbox testing....
But do you think it'll be successful? AFAIK, malware doesn't conduct any "signature" activity that gives its true identity away, and this implies that heuristics are not an attractive alternative either. Sandbox testing may work out, but it could take ages to put every third-party add-on that you have in the "box" and check whether it is malware or not.
With the current picture, I don't think things will change for some time... maybe a year or so later, software will get 'smart' to nail 'smarter' malware.
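The post above contrasts signature matching with heuristic classification. As an added example (not code from the thread or from any product mentioned in it), the script below runs both approaches over three constructed byte strings that stand in for executables: a benign file, a "known-bad" file carrying an invented signature marker, and a variant of it with only the marker changed. All signature names, API-string indicators and thresholds are assumptions chosen for the demo.

```python
import math
from collections import Counter

# Constructed demo data: the signature name and byte pattern are invented.
SIGNATURE_DB = {
    "Demo.Marker.A": b"DEMO-MARKER-A",
}

# Strings whose presence *together* hints at process injection or
# download-and-run behaviour. Any one alone is common in legitimate software.
SUSPICIOUS_STRINGS = (b"VirtualAllocEx", b"WriteProcessMemory",
                      b"CreateRemoteThread", b"URLDownloadToFile")

HIGH_ENTROPY = 7.5      # bits per byte; packed or encrypted payloads sit near 8.0
WINDOW = 256            # bytes per entropy window (assumed size for the demo)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def max_window_entropy(data: bytes, window: int = WINDOW) -> float:
    """Highest entropy over any contiguous window, so a small packed blob
    inside a mostly plain file is still noticed."""
    if len(data) <= window:
        return shannon_entropy(data)
    return max(shannon_entropy(data[i:i + window])
               for i in range(len(data) - window + 1))


def signature_scan(data: bytes) -> list[str]:
    """Classic definition matching: exact byte patterns, nothing else."""
    return [name for name, pattern in SIGNATURE_DB.items() if pattern in data]


def heuristic_score(data: bytes) -> tuple[int, list[str]]:
    """Rule-based heuristics: score structural traits instead of exact bytes."""
    score, reasons = 0, []
    hits = [s.decode() for s in SUSPICIOUS_STRINGS if s in data]
    if len(hits) >= 2:
        score += 2
        reasons.append("injection/download API combination: " + ", ".join(hits))
    ent = max_window_entropy(data)
    if ent >= HIGH_ENTROPY:
        score += 2
        reasons.append(f"high-entropy region ({ent:.2f} bits/byte)")
    return score, reasons


def classify(data: bytes, threshold: int = 3) -> str:
    """Signature hit wins outright; otherwise the heuristic score decides."""
    if signature_scan(data):
        return "known-bad"
    score, _ = heuristic_score(data)
    return "suspicious" if score >= threshold else "clean"


# Constructed samples standing in for three executables.
BENIGN = b"MZ" + b"A plain text editor with nothing unusual in it. " * 4
KNOWN_BAD = (b"MZ" + b"DEMO-MARKER-A\0VirtualAllocEx\0WriteProcessMemory\0"
             + bytes(range(256)))              # 256 distinct bytes: packed-looking blob
VARIANT = KNOWN_BAD.replace(b"DEMO-MARKER-A", b"DEMO-MARKER-B")  # only the marker differs

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("known_bad", KNOWN_BAD), ("variant", VARIANT)):
        print(f"{name:10} signature={signature_scan(sample)} "
              f"heuristic={heuristic_score(sample)} verdict={classify(sample)}")
```

The variant shows the limitation the thread is circling: a one-byte change defeats the signature while the heuristic still scores it, but the heuristic is itself a rule-set (thresholds, indicator lists) that must be tuned and will produce false positives on legitimate packers and installers.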
Re: Re: Different types of virus detection?
Quote:
Originally posted here by darkcod3r
By this do you imply that this software uses some form of 'intelligent pattern recognition' to classify a program as malware, rather than just matching signatures?
I'm not sure... I'm sure there are ways of doing this and I wasn't sure whether methods already existed.
AFAIK, heuristic analysis still needs rules... and virus creators would most definitely find these out and write around them!!
Is there nothing else?
I know a Linux distribution called "CHAOS" (which has very limited uses...) does hash checking on its kernel and other files every n seconds to ensure integrity (it would restart the OS and/or notify the user of the event if they didn't match). I'm not suggesting we can do this exactly in other OSs... but it's a more proactive approach than downloading definitions... Or would this just get written around as well?
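The periodic hash checking the last post attributes to CHAOS is a file-integrity monitor. As an added example (not CHAOS's code, and not from the thread), the script below takes a SHA-256 baseline of every file under a directory, re-checks it on an interval, and reports modified, missing and added files. The directory layout, file contents and interval are constructed in a temporary directory purely for the demo.

```python
import hashlib
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Diff two snapshots into the three events an integrity monitor cares about."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing":  sorted(p for p in baseline if p not in current),
        "added":    sorted(p for p in current if p not in baseline),
    }


def monitor(root: Path, baseline: dict[str, str], interval: float, rounds: int):
    """Re-check every `interval` seconds (the 'every n seconds' in the post).
    Returns the first non-empty diff, or None if nothing changed in `rounds` checks."""
    for _ in range(rounds):
        diff = compare(baseline, snapshot(root))
        if any(diff.values()):
            return diff
        time.sleep(interval)
    return None


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline two files, then change one, delete one, add one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls binary")   # constructed content
        (root / "bin" / "ps").write_bytes(b"original ps binary")
        baseline = snapshot(root)
        # Simulated tampering after the baseline was taken.
        (root / "bin" / "ls").write_bytes(b"replaced ls binary")
        (root / "bin" / "ps").unlink()
        (root / "bin" / "dropped").write_bytes(b"new file")
        return monitor(root, baseline, interval=0.01, rounds=3)


if __name__ == "__main__":
    print(demo())
```

The answer to "would this just get written around as well?" hinges on where the baseline lives: if the hash list and the checker sit on the same writable filesystem as the files they guard, an intruder with write access can update both. Keeping the baseline on read-only media or signing it with a key the host cannot use, and running the check from outside the monitored system where possible, is what makes the approach hold up.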