That is indeed what it is. "What they do" vs "how they do it". There is also "why they do it".
"What they do" is very easy to measure using a piece of monitoring software that looks at behavioral characteristics. "How they do it" is also conceivable, such as if we take a look at if it is using DirectX to do these calls, and we can identify it as a game.
But "why they do it" is difficult, if not nearly impossible to quantify using automatic detection methodologies. And that's why there are malware analysts.
Indeed. QQ is a prominent example of what I was discussing in my posting. What was especially irksome about this was that there were actually variants of QQ that were in and of themselves trojans or malware using QQ as a vehicle.
Also, earlier versions of QQ were much more intrusive. So I had to use many tricks in the book to figure out if it was authentic or not. One thing that helped was when QQ began to sign their binaries, though I still viewed them with great suspicion.
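As an added illustration of the "what / how / why" split in the first reply above (this is example code written for this page, not anything the posters ran), the following Python classifier derives "what" a process does from the side effects visible in an API-call trace and "how" it does it from the subsystem it goes through, using the DirectX cue mentioned in the post to flag a likely game. The module and function names are real Win32 exports, but the rule tables, the `Call` record and the three traces are constructed for the example. The last trace pair shows the limit the post points at: a screen-sharing helper and a spyware stub that make the same calls get the same classification, because intent is not in the trace.

```python
# Added example, not from the thread: a minimal behavioral classifier over an
# API-call trace. It separates "what" a process does (observable side effects)
# from "how" it does it (which subsystem it uses), and shows that two processes
# with the same "what" and "how" are indistinguishable to it even when their
# "why" differs. Module/function names are real Win32 exports; the traces and
# the rule tables are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Call:
    module: str          # DLL exporting the call, e.g. "kernel32.dll"
    function: str        # exported function name
    arg: str = ""        # one salient argument, simplified for the example


# "What": side effects a monitor can observe, keyed on (module, function).
WHAT_RULES = {
    ("kernel32.dll", "WriteFile"): "writes_files",
    ("ws2_32.dll", "connect"): "network_egress",
    ("winhttp.dll", "WinHttpSendRequest"): "network_egress",
    ("advapi32.dll", "RegSetValueExW"): "modifies_registry",
    ("kernel32.dll", "CreateRemoteThread"): "injects_code",
    ("gdi32.dll", "BitBlt"): "captures_screen",
    ("user32.dll", "SetWindowsHookExW"): "installs_hook",
}

# "How": which subsystem implements the behavior. DirectX usage is the cue the
# post mentions for recognizing a game.
HOW_RULES = {
    "d3d9.dll": "renders_with_directx",
    "d3d11.dll": "renders_with_directx",
    "dxgi.dll": "renders_with_directx",
    "winhttp.dll": "http_via_winhttp",
    "ws2_32.dll": "raw_sockets",
}

RUN_KEY_FRAGMENT = "\\currentversion\\run"


def classify(trace):
    """Return (what, how) as frozensets of tags derived from the trace."""
    what, how = set(), set()
    for c in trace:
        mod = c.module.lower()
        tag = WHAT_RULES.get((mod, c.function))
        if tag:
            what.add(tag)
            # Writing under ...\CurrentVersion\Run is a persistence side effect.
            if tag == "modifies_registry" and RUN_KEY_FRAGMENT in c.arg.lower():
                what.add("persists_via_run_key")
        if mod in HOW_RULES:
            how.add(HOW_RULES[mod])
    return frozenset(what), frozenset(how)


def looks_like_game(trace):
    """'How' heuristic from the post: a process rendering through DirectX."""
    return "renders_with_directx" in classify(trace)[1]


def indistinguishable(trace_a, trace_b):
    """True when automation sees identical 'what' and 'how' for both traces."""
    return classify(trace_a) == classify(trace_b)


# Constructed traces (not captured from real software); 203.0.113.10 is a
# documentation (TEST-NET) address.
GAME = [
    Call("d3d11.dll", "D3D11CreateDevice"),
    Call("dxgi.dll", "CreateDXGIFactory"),
    Call("ws2_32.dll", "connect", "203.0.113.10:7777"),
    Call("kernel32.dll", "WriteFile", "C:\\Users\\u\\Saved Games\\slot1.sav"),
]

# A legitimate screen-sharing helper and a spyware stub: same calls, different intent.
SCREEN_SHARE = [
    Call("gdi32.dll", "BitBlt"),
    Call("winhttp.dll", "WinHttpSendRequest", "https://share.example/upload"),
    Call("advapi32.dll", "RegSetValueExW",
         "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ShareHelper"),
]
SPYWARE = [
    Call("gdi32.dll", "BitBlt"),
    Call("winhttp.dll", "WinHttpSendRequest", "https://c2.example/upload"),
    Call("advapi32.dll", "RegSetValueExW",
         "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\SysHelper"),
]


if __name__ == "__main__":
    for name, t in (("game", GAME), ("screen_share", SCREEN_SHARE), ("spyware", SPYWARE)):
        what, how = classify(t)
        print(f"{name:13} what={sorted(what)} how={sorted(how)}")
    print("game looks like game:", looks_like_game(GAME))
    print("share vs spyware indistinguishable:", indistinguishable(SCREEN_SHARE, SPYWARE))
```

The rule tables are deliberately flat so the point is visible: everything the classifier can say comes from the trace, and the only thing separating the last two traces is the upload destination, which a monitor can log but cannot judge. Deciding whether that destination is a sharing service or a collection server is the "why" the post leaves to an analyst.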