How To Guarantee Malware Detection
itwbennett writes "Dr. Markus Jakobsson, Principal Scientist at PARC, explains how it is possible to guarantee the detection of malware, including zero-day attacks and rootkits and even malware that infected a device before the detection program was installed. The solution comes down to this, says Jakobsson: 'Any program — good or bad — that wants to be active in RAM has no choice but to take up some space in RAM. At least one byte.'"
How COULD this work? There is an answer. You can find this answer in a foreign place, known by the mysterious and terrifying name of The Article. Here's what you do: you read it. When you read it, your questions will be answered.
Basically, I can tell from the fact that you are asking irrelevant questions that you have not read the article. And you know what? I'm not going to explain it to you. To be clear, I am not saying, "This technique will work." I am saying "You are not criticizing this technique."
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Yes, well, if the malware lets itself get swapped out, it cannot hide its memory footprint. If we started from a known clean machine, we will know how much memory everything valid should be using. If there is more memory allocated, then there is malware.
It's getting kind of boring explaining the article over and over again.
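As an added example (not from the article and not the poster's own code), here is a toy model in Python of the baseline-accounting argument made in the post above. The Machine class, the frame and swap tables, the process names and the frame counts are all constructed for illustration; the point it shows is that a process hidden from the process list still shows up as storage nobody admits to, and that being paged out only moves that storage into swap.

```python
# Added example: toy model of "known clean baseline" memory accounting.
# Everything here (Machine, frame counts, process names) is constructed.
from dataclasses import dataclass, field


@dataclass
class Machine:
    total_frames: int
    frames: dict = field(default_factory=dict)         # RAM frame index -> owner
    swap: dict = field(default_factory=dict)           # swap slot -> owner
    visible_procs: dict = field(default_factory=dict)  # what the process list reports


def allocate(m, owner, n, visible=True):
    """Take n free RAM frames for owner. A hidden owner still consumes frames;
    it only avoids the process-list entry."""
    free = [i for i in range(m.total_frames) if i not in m.frames]
    if len(free) < n:
        raise MemoryError(f"need {n} frames, {len(free)} free")
    for i in free[:n]:
        m.frames[i] = owner
    if visible:
        m.visible_procs[owner] = m.visible_procs.get(owner, 0) + n


def swap_out(m, owner):
    """Page owner out: its RAM frames are freed, but the bytes land in swap."""
    moved = [i for i, o in m.frames.items() if o == owner]
    for i in moved:
        del m.frames[i]
        m.swap[len(m.swap)] = owner


def footprint(m):
    """Storage actually consumed (RAM frames plus swap slots), read from the
    allocator's tables rather than from the process list."""
    return len(m.frames) + len(m.swap)


def detect(m, clean_baseline):
    """Return the number of frames in use that neither the clean baseline nor
    the process list accounts for. Anything above zero is unexplained code/data."""
    accounted = clean_baseline + sum(m.visible_procs.values())
    return footprint(m) - accounted


def scenario():
    m = Machine(total_frames=64)
    allocate(m, "kernel", 16, visible=False)   # part of the clean baseline, not a process
    clean_baseline = footprint(m)              # measured once on the known-clean machine
    allocate(m, "editor", 8)                   # legitimate, visible process
    before = detect(m, clean_baseline)         # 0: everything accounted for
    allocate(m, "rootkit", 3, visible=False)   # hides from the process list, still needs RAM
    hidden = detect(m, clean_baseline)         # 3 frames nobody admits to
    swap_out(m, "rootkit")                     # paging out does not help: swap is counted too
    swapped = detect(m, clean_baseline)        # still 3
    return before, hidden, swapped


if __name__ == "__main__":
    print(scenario())
```

The part this toy glosses over is the hard one in practice: `footprint` trusts the frame and swap tables it walks, and a rootkit that already controls the kernel can lie there just as easily as it lies to the process list. Any real scheme needs a way to read or fill memory that the malware cannot intercept, which is exactly what the argument in the thread hinges on.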
Malware has to take up space. That space is what we are looking for. There is no scanning for specific patterns involved. Try rereading the article. I'm getting bored explaining it over and over again. Suffice it to say, you haven't understood it yet.