Computer Viruses and Malware, Part 5

despite its name, can detect all types of malware. There are three characteristics associated with the types of malware. 1. Self-replicating malware actively attempts to

[Figure labels: instruction, breakpoint, encrypt instruction, decrypt next instruction]

Anti-Virus Techniques 81

are performed rarely and can be much slower and more resource-intensive if necessary.[164]

Verification

Virus detection usually doesn't provide the last word as to whether or not code is infected. Anti-virus software will often perform a secondary verification after the initial detection of a virus occurs. Verification is performed for two reasons. First, it is used to reduce false positives that might happen by coincidence, or by the use of short or overly general signatures. Second, verification is used to positively identify the virus. Identification is normally necessary for disinfection, and to prevent being led astray; virus writers will sometimes deliberately make their virus look like another one. In the absence of verification, anti-virus software can misidentify the virus and do unintentional damage to the system when cleaning up after the wrong virus.

Verification may begin by transforming the virus so as to make more information available. One way to accomplish this, when an encrypted virus is suspected, is for the anti-virus software to try decrypting the virus body to reveal a larger signature. This process is called X-raying.[65] For emulation-based anti-virus software, X-raying is a natural side effect of operation. X-raying may be automated in easier ways than emulation if some simplifying assumptions are allowed. A virus using simple encryption or a static encryption key, with or without random encryption keys, does not hide the frequency with which encrypted bytes occur; these encryption algorithms preserve the frequency of values that was present in the unencrypted version.
Cryptanalysts were taking advantage of frequency analysis to crack codes as early as the 9th century CE,[166] and the same principle applies to virus Normal uninfected executables (the plaintext) tend to have frequently-repeated values like zeroes. Under the assumptions above, if the most frequently-occurring plaintext value is known .
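The following is an added example, not code from the book: a minimal X-ray that assumes a one-byte static key applied by XOR or ADD and that the most common plaintext byte is zero, then checks the decrypted body for a longer signature. The function names, the signature, and the sample bytes are constructed placeholders.

```python
from collections import Counter

# Constructed stand-in for a long verification signature; not a real virus pattern.
SIGNATURE = b"CONSTRUCTED-SAMPLE-BODY-SIGNATURE"

# Static-key byte ciphers: (decrypt one byte, recover key from a known
# ciphertext/plaintext byte pair). Each maps byte values one-to-one,
# so the frequency ranking of bytes survives encryption.
CIPHERS = {
    "xor": (lambda c, k: c ^ k, lambda c, p: c ^ p),
    "add": (lambda c, k: (c - k) & 0xFF, lambda c, p: (c - p) & 0xFF),
}

def xray(body, common_plain=0x00, signature=SIGNATURE):
    """Return (cipher, key, offset) if the signature shows up after
    frequency-guided decryption, else None."""
    if not body:
        return None
    # The most frequent ciphertext byte is assumed to encrypt common_plain.
    top_cipher_byte = Counter(body).most_common(1)[0][0]
    for name, (decrypt, recover_key) in CIPHERS.items():
        key = recover_key(top_cipher_byte, common_plain)
        plain = bytes(decrypt(c, key) for c in body)
        offset = plain.find(signature)
        if offset != -1:  # the longer signature confirms the guessed key
            return name, key, offset
    return None  # frequency assumption did not hold, or nothing to find

def encrypt(plain, name, key):
    """Helper that builds constructed encrypted samples for the demo."""
    if name == "xor":
        return bytes(p ^ key for p in plain)
    return bytes((p + key) & 0xFF for p in plain)

# Constructed sample: a zero-padded body that contains the signature.
SAMPLE_PLAIN = b"\x00" * 40 + b"\x90\x90" + SIGNATURE + b"\x00" * 24

if __name__ == "__main__":
    for name, key in (("xor", 0x5A), ("add", 0xC3)):
        print(name, xray(encrypt(SAMPLE_PLAIN, name, key)))
    # No dominant zero byte: the frequency guess fails and nothing is reported.
    print(xray(encrypt(SIGNATURE, "xor", 0x5A)))
```

When the body has no dominant byte, the key guess is wrong and `xray` returns `None` rather than a match, which is why the signature check is kept as the confirming step.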
