Ultima Weapon
20.11.2007, 07:21
An explanation in layman's terms please? :'-(
a) signature detection (detecting already known malware by the signature method)
b) heuristic detection (detecting yet unknown malware by the method of emulation / code analysis / etc. Examples: "Heur.Trojan.Generic"; "a variant of: XXXXX")
c) detection of suspicious file (detecting yet unknown malware by the method of informing the user about suspicious characteristics of a sample under analysis. Examples: "Suspicious file"; "VIPRE: Suspicious")
d) detection of suspicious cryptor / packer (detecting yet unknown malware by the method of informing the user about the unknown / rare / suspicious packer / cryptor or about the fact of multiple packing / crypting. Example: "HEUR/Crypted").
Can anyone please explain how these detection methods work, with a comparison of the four methods and their pros and cons, in layman's terms? I think I understand signature-based detection and heuristics, but the other two are a bit complicated. :'-(
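As an added illustration (not part of the original post or of any real antivirus engine), the toy Python scanner below produces the four kinds of verdict the post lists: (a) an exact byte-pattern lookup that names a known family, (b) a weighted behaviour score that yields a generic "Heur.Trojan.Generic" verdict, (c) a report of odd file characteristics with no malware verdict at all, and (d) a packer/cryptor flag from either a known section name or high byte entropy. Every signature, indicator string, threshold and sample "file" is constructed for the example; the checks are run from most to least specific so that a known packer is reported before the vaguer "Suspicious file" label.

```python
"""Toy scanner showing the four verdict types: signature, heuristic,
suspicious file, suspicious packer/cryptor.  All signatures, indicators,
thresholds and sample files are constructed for this example; nothing here
is taken from a real AV product."""
import math
from collections import Counter

MZ = b"MZ"                                             # DOS/PE magic bytes
DOS_STUB = b"This program cannot be run in DOS mode"   # present in ordinary PE files

# (a) signature detection: byte patterns lifted from already-analysed samples (hypothetical)
BYTE_SIGNATURES = {
    "Trojan.Example.A": b"\xe8\x00\x00\x00\x00\x5d\x81\xed",  # constructed 'known bad' pattern
}

# (b) heuristic detection: weighted behaviour indicators summed into a score
HEURISTIC_INDICATORS = {
    b"VirtualAllocEx": 2,
    b"WriteProcessMemory": 3,
    b"CreateRemoteThread": 3,
    b"IsDebuggerPresent": 1,
}
HEURISTIC_THRESHOLD = 5

# (d) packer/cryptor detection: known packer section names, or entropy typical of compressed/encrypted code
KNOWN_PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack"}
HIGH_ENTROPY = 7.2   # bits per byte; plain x86 code and text sit well below this (assumed threshold)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant stream, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def signature_match(data: bytes):
    """(a) exact byte-pattern lookup: only catches samples already in the database."""
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def heuristic_score(data: bytes):
    """(b) sum indicator weights; the verdict is generic because no specific family matched."""
    hits = [ind for ind in HEURISTIC_INDICATORS if ind in data]
    return sum(HEURISTIC_INDICATORS[h] for h in hits), hits


def packer_detection(data: bytes):
    """(d) name a known packer by section name, or flag an unknown one by high entropy."""
    for section, packer in KNOWN_PACKER_SECTIONS.items():
        if section in data:
            return packer
    if data.startswith(MZ) and shannon_entropy(data) >= HIGH_ENTROPY:
        return "unknown high-entropy packer/cryptor"
    return None


def suspicious_characteristics(data: bytes):
    """(c) structural oddities worth showing the user even without a malware verdict."""
    findings = []
    if data.startswith(MZ) and DOS_STUB not in data:
        findings.append("PE file without the standard DOS stub")
    if b"CurrentVersion\\Run" in data:
        findings.append("references an autorun persistence registry key")
    return findings


def classify(data: bytes) -> str:
    """Run the checks from most to least specific and return an AV-style verdict string."""
    if (name := signature_match(data)):
        return name
    score, _ = heuristic_score(data)
    if score >= HEURISTIC_THRESHOLD:
        return "Heur.Trojan.Generic"
    if (packer := packer_detection(data)):
        return f"HEUR/Crypted ({packer})"
    if suspicious_characteristics(data):
        return "Suspicious file"
    return "clean"


# Constructed sample "files" (not real binaries).  The byte sequence (i*131+7) % 256
# visits every byte value equally often, so it models encrypted/compressed data (entropy ~8.0).
UNIFORM = bytes((i * 131 + 7) % 256 for i in range(4096))
CLEAN = MZ + b"\x00" * 62 + DOS_STUB + b"\x00" * 8 + b"Hello from a boring utility\x00" * 4
KNOWN_BAD = MZ + b"\x00" * 62 + DOS_STUB + BYTE_SIGNATURES["Trojan.Example.A"]
INJECTOR = MZ + b"\x00" * 62 + DOS_STUB + b"VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
PACKED = MZ + b"UPX0" + UNIFORM              # known packer section name
CRYPTED = MZ + b"\x00\x00" + UNIFORM         # no known section, only the entropy gives it away
ODDBALL = MZ + b"\x00" * 62 + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("known", KNOWN_BAD), ("injector", INJECTOR),
                          ("packed", PACKED), ("crypted", CRYPTED), ("oddball", ODDBALL)]:
        print(f"{label:8s} -> {classify(sample)}")
```

The ordering of the checks is the practical trade-off the post asks about: the signature is the only verdict with a family name and essentially no false positives, the heuristic score names no family and can misfire on legitimate tools that inject code, the packer flag says nothing about intent (commercial software is packed too), and the "suspicious file" report is only a list of oddities for the user to judge.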