An explanation in layman's terms of the 4 detection methods.

  1. #1
    Ultima Weapon (Full Member)
    Registered: 17.11.2007
    Location: Philippines
    Posts: 153
    Reputation weight: 70

    An explanation in layman's terms pls????
    a) signature detection (detecting already known malware by the signature method)

    b) heuristic detection (detecting yet unknown malware by the method of emulation / code analysis / etc. Examples: "Heur.Trojan.Generic"; "a variant of: XXXXX")

    c) detection of suspicious file (detecting yet unknown malware by the method of informing the user about suspicious characteristics of a sample under analysis. Examples: "Suspicious file"; "VIPRE: Suspicious")

    d) detection of suspicious cryptor / packer (detecting yet unknown malware by the method of informing the user about the unknown / rare / suspicious packer / cryptor or about the fact of multiple packing / crypting. Example: "HEUR/Crypted").

    Can anyone pls explain how these detection methods work, comparisons between the 4 methods, pros & cons about them in layman's terms. I think I understand signature based & heuristics. But the other two are kinda complicated.
    Realtime: Kaspersky Internet Security & A-squared Anti-Malware (default Windows)
    On Demand Scanner: Avira Premium & Nod32, Panda & AVG antispyware & Bitdefender 2008 (another Windows)
    Firewall: Online Armor
    System Recovery: Returnil

  2. #2
    Registered: 27.08.2006
    Posts: 2,453
    Reputation weight: 0
    Both are preventive types of protection, not based on signatures or behavior but on the way the [unknown] files are written or packed. Such methods may easily lead to false positives (= the file is marked 'suspicious' while it is not actually malicious). You should be very, very careful with this kind of alert.
    Quote: Originally posted by Ultima Weapon
    c) detection of suspicious file
    If the file is an executable, the code that was used to write it is inspected. If there are some strange instructions in the code, you will get a warning. This means that you should be particularly careful with such a file and should send it to the anti-virus lab for analysis.
    Quote: Originally posted by Ultima Weapon
    detection of suspicious cryptor / packer
    Executables are often packed. Some kinds of packers are specifically used to pack malware so that it won't be detected by your protection. Sometimes, the bad guys use multiple packing as well. Your protection will warn you in these cases. This does not mean that the file inside is necessarily infected. It's more a preventive, pro-active measure. Again, sending the file for analysis is the way to go...

    Paul
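
    To make the four verdict classes in the question concrete, here is a toy classifier added for this thread (not code from any anti-virus vendor or from the posters): it tries a hash signature first, then counts static traits, then uses byte entropy to tell a recognised packer from an unknown cryptor. The packer markers are UPX section names; the traits, the entropy threshold, the sample bytes and the labels "Trojan.Known", "Packed (known packer)" and "Clean" are constructed for the illustration.

```python
import hashlib
import math
from collections import Counter
# Constructed illustration data: no real signatures or malware are involved.
KNOWN_PACKER_MARKERS = [b"UPX0", b"UPX1"]            # real UPX section names
SUSPICIOUS_TRAITS = [b"self-delete", b"disable-av"]  # stand-ins for "strange instructions"
HIGH_ENTROPY = 7.2  # bits/byte; chosen threshold for "looks compressed or encrypted"

def shannon_entropy(data):
    """Bits per byte: plain text sits near 4-5, packed or encrypted data near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data, known_bad):
    """Return (method, verdict), trying the surest and cheapest method first."""
    # a) signature: exact match on known samples; no false positives, no new malware
    if hashlib.sha256(data).hexdigest() in known_bad:
        return ("signature", "Trojan.Known")  # constructed verdict name
    # b) heuristic: static code analysis (a real engine would also emulate the code)
    traits = [t for t in SUSPICIOUS_TRAITS if t in data]
    if len(traits) >= 2:
        return ("heuristic", "Heur.Trojan.Generic")
    # d) cryptor / packer: body is noise yet no recognised packer left its marker
    packed = [m for m in KNOWN_PACKER_MARKERS if m in data]
    if shannon_entropy(data) >= HIGH_ENTROPY and not packed:
        return ("packer", "HEUR/Crypted")
    # c) suspicious file: a single odd trait is a warning, not a conviction
    if traits:
        return ("suspicious", "Suspicious file")
    if packed:
        return ("packer", "Packed (known packer)")  # informational, not an alert
    return ("none", "Clean")

def make_samples():
    """Constructed stand-ins for files on disk; none is a real program."""
    noise = bytes(range(256)) * 4  # every byte value equally often: exactly 8.0 bits/byte
    return {
        "readme": b"This is an ordinary configuration file.\n" * 8,
        "known": b"constructed known-bad sample " * 4,
        "heur": b"MZ stub; self-delete on exit; disable-av service; ...",
        "suspicious": b"MZ stub; self-delete on exit; otherwise ordinary code",
        "cryptor": noise,
        "upx": b"UPX0" + noise,
    }

KNOWN_BAD = {hashlib.sha256(make_samples()["known"]).hexdigest()}  # the whole "signature database"
if __name__ == "__main__":
    for name, data in make_samples().items():
        print(f"{name:<10} entropy={shannon_entropy(data):.2f} -> {classify(data, KNOWN_BAD)}")
```

    Note that the same high-entropy bytes are an alert without a packer marker and only informational with one, which is exactly why Paul warns that these verdicts are warnings to be sent for analysis, not convictions.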

  3. #3
    Junior Member
    Registered: 19.12.2007
    Location: New Jersey, USA
    Posts: 83
    Reputation weight: 65
    I use the behavior method of detection. If my computer acts out of character, I start running every scan I can think of.
    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
    -Albert Einstein
