Slashdot Mirror


How To Guarantee Malware Detection

itwbennett writes "Dr. Markus Jakobsson, Principal Scientist at PARC, explains how it is possible to guarantee the detection of malware, including zero-day attacks and rootkits and even malware that infected a device before the detection program was installed. The solution comes down to this, says Jakobsson: 'Any program — good or bad — that wants to be active in RAM has no choice but to take up some space in RAM. At least one byte.'"


  1. Easy by camperdave · Score: 1, Flamebait

    If $OS=="Windows" Then print "Malware Detected";

    --
    When our name is on the back of your car, we're behind you all the way!
  2. Re:Refuting the imaginary article in your head by palegray.net · Score: 0, Flamebait

    If the malware gets swapped out it won't be detected in the scan.

    Wrong again. Please go read the article.

  3. Re:Refuting the imaginary article in your head by spun · Score: 0, Flamebait

    Okay, THAT I don't get. As far as I can tell, this technique is not guaranteed to find 0-day malware that has infected the machine before the scanner is in place, unless that malware tries to resist detection.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton