Greetings

What I'm going to say next is something which is very well known and also, I think, a BIG NIGHTMARE FOR ALMOST ALL ADMINS:

I'm talking about custom code.

I'm taking as an example a custom Trojan/backdoor posted here on antionline not so long ago.
For all those who remember, it was called "GENIE" (that's what the member who posted it called it).
Anyway, I had some free time which I decided to put to some *experimental* use: I decided to get my entire PC scanned online and offline.

I had a total of 4 viruses (1 trojan and 3 Symbian viruses, all in separate zip files). I have Norton AntiVirus 2005 installed on the system (Bloodhound was set to medium [default] for real-time scanning and high for manual scanning). I downloaded the latest definitions from the web site and installed them before the scanning.

Following are the scanners (anti-viruses) used and their results:

Norton AntiVirus 2005: clean

Trend Micro's HouseCall: found 1 trojan

Microsoft's Live: found 3 Symbian viruses

Panda: clean

So the results are very clear: if the virus is in the wild then there is a signature for it (except Trend Micro, which found the trojan; I'm not counting the Symbian viruses as they only infect Symbian OS), or else there is no signature.

I really got nightmares after I read a particular article posted by a member here at antionline about rootkits. A custom-coded virus or riskware is almost impossible to find using anti-virus, even with heuristic technology enabled.

So here is my question: how do you protect a system from such an infection? Now I know keeping other measures of security tight is the best way, but I want options beyond it.

I would like options for both a home PC and a PC in a network environment.

Here is what I thought of:

Using checksum software for all the files on the system right after installing and updating, but this is not possible for networks and large organizations.


PS: I'll also be posting links from Symantec's response to the trojan samples I had submitted.
I would also like to thank Tiger Shark for helping me in this thread



Edit

Symantec Security Response has determined that the sample(s) that you provided
are infected with a Trojan. We have created RapidRelease
definitions that will detect this threat. Please follow the instructions at the
end of this email message to download and install the latest RapidRelease
definitions.
Downloading and Installing RapidRelease Definition Instructions:
1. Open your Web browser. If you are using a dial-up connection, connect to any
Web site, such as: http://securityresponse.symantec.com/
2. Click this link to the ftp site:
ftp://ftp.symantec.com/public/englis...asedefsi32.exe.
If it does not go to the site (this could take a minute or so if you have a slow
connection), copy and paste the address into the address bar of your Web browser
and then press Enter.
3. When a download dialog box appears, save the file to the Windows desktop.
4. Double-click the downloaded file and follow the prompts.

/Edit
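As an added example (not code from the post, nor from any of the scanners or Symantec material quoted above): a minimal version of the checksum idea the post raises, written in Python. It hashes every regular file under a directory tree with SHA-256 right after a clean install, saves that baseline as JSON somewhere outside the tree, and later diffs a fresh scan against it, reporting added, removed and modified files. The directory layout, file names and contents in the demo are constructed for illustration and are not real malware.

```python
# Added example (not from the post): build a SHA-256 baseline of a directory
# tree after a clean install, store it off the tree, and diff a later scan
# against it. All sample files below are constructed for the demo.
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read in 64 KiB pieces so large binaries are not loaded whole


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root) -> dict:
    """Map every regular file under root (relative POSIX path) to hash and size.

    Symlinks are skipped so a planted link cannot point the checker at a clean file.
    """
    root = Path(root)
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order
        for name in sorted(filenames):
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": sha256_file(p),
                "size": p.stat().st_size,
            }
    return baseline


def save_baseline(baseline: dict, dest) -> None:
    """Write the baseline as JSON. Keep this file on read-only or offline media."""
    Path(dest).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(src) -> dict:
    return json.loads(Path(src).read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Return added, removed and modified paths between two baselines.

    'modified' is decided by hash alone: a same-size overwrite (what a patched
    binary looks like) would slip past a size- or timestamp-only check.
    """
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new
                           if baseline[p]["sha256"] != current[p]["sha256"]),
    }


def demo() -> dict:
    """Simulate a clean install, then a backdoor drop, and diff the two.

    Everything here is constructed sample data (hypothetical file names).
    """
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as store:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ original program")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "readme.txt").write_text("clean install\n")

        # Baseline goes to a separate location, standing in for offline media.
        save_baseline(build_baseline(root), Path(store) / "baseline.json")

        # Simulated infection: same-size patch of a binary, a dropped DLL, a deleted file.
        (root / "bin" / "app.exe").write_bytes(b"MZ original prograM")
        (root / "bin" / "genie.dll").write_bytes(b"MZ dropped payload")
        (root / "readme.txt").unlink()

        return compare(load_baseline(Path(store) / "baseline.json"),
                       build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The check only means something if the thing doing the checking is trustworthy: a kernel-level rootkit on the same machine can hand the checker the original bytes while the OS runs the modified ones, and it can simply rewrite a baseline stored on the infected disk. So run the scan from clean boot media against the offline disk, keep the baseline (and the checker itself) on read-only or remote storage, and treat an unexpected new executable in a system directory as a finding even when it is not in any signature database.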