Final Defense Talk - PowerPoint PPT Presentation

About This Presentation
Title:

Final Defense Talk

Description:

Antivirus Software. Detects malware (not just viruses) May eliminate malware as well ... A malware dictionary is essentially a blacklist, describing 'bad' software ... – PowerPoint PPT presentation

Slides: 8
Provided by: shirees
Learn more at: https://ics.uci.edu

Transcript and Presenter's Notes

1
Antivirus Software
  • Detects malware (not just viruses)
  • May eliminate malware as well
  • Often sold with firewalls

  • Two approaches
  • - Dictionary-based: compares data to known malware in a dictionary
  • - Heuristic approaches: checks the machine for bad behavior
2
Dictionary-Based Approach
  • Scan files on disk (and in memory) and compare
    them to known malware
  • If a match is found then malware is detected
  • Once malware is detected, one of the following
    actions is performed
  • - 1. Repair the file (if possible)
  • - 2. Quarantine the file (change access privileges)
  • - 3. Delete the file

3
Dictionary-Based Details
  • Typically examines files when the OS creates, opens
    or closes them, or when they are sent by email
  • All files are scheduled to be scanned on a
    regular basis
  • - Maybe a new file has mysteriously appeared
  • Virus dictionary must be updated regularly
  • - Need to catch 0day attacks
  • - Updates must be secure

4
Blacklisting vs. Whitelisting
  • A malware dictionary is essentially a blacklist,
    describing bad software
  • - Any software in the blacklist is known bad
  • There are so many different types of malware that
    it is hard to make a complete dictionary
  • A whitelist is a list of known good software
  • - Software not on the whitelist is assumed to
    be bad
  • Similar to Deny-All for firewalls

5
Weaknesses of Dictionary-Based
  • Cannot detect new malware
  • - Virus must be in the dictionary to be detected
  • - Time to include in a dictionary can vary
  • - Different malware often shares code (e.g.
    Metasploit)
  • Small changes in malware can make it undetectable
  • - There are many ways to write the same program
  • - Polymorphic worms are encrypted to avoid
    detection
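As an added example (not part of the slides), the following Python sketch implements the dictionary-based scan of slide 2, the whitelist of slide 4, and the evasion weakness of slide 5. The sample file contents, signature names and both dictionaries are constructed for the demonstration; they are harmless strings, not real malware.

```python
import hashlib
import re

# Constructed sample "files" standing in for files on disk (harmless strings).
SAMPLE_FILES = {
    "editor.exe":     b"MZ benign text editor",
    "dropper.exe":    b"MZ open host.exe; write payload; close",
    "dropper_v2.exe": b"MZ open host.exe; write payload; close; nop",  # one small change appended
    "dropper_v3.exe": b"MZ host.exe <- payload",                       # same behaviour, rewritten
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Malware dictionary (blacklist) in two signature styles: an exact file hash and a
# byte pattern taken from a known sample. Both are built here from the constructed
# samples; a real dictionary is distributed by the vendor and must be updated regularly.
HASH_SIGNATURES = {sha256(SAMPLE_FILES["dropper.exe"]): "Dropper.A"}
PATTERN_SIGNATURES = {re.compile(rb"open host\.exe; write payload"): "Dropper.Gen"}

# Whitelist: hashes of known-good software; anything else is assumed bad (deny-all).
WHITELIST = {sha256(SAMPLE_FILES["editor.exe"])}

def scan_blacklist(files: dict) -> dict:
    """Dictionary-based scan: hash lookup first, then byte-pattern match; 'clean' otherwise."""
    verdicts = {}
    for name, data in files.items():
        verdict = HASH_SIGNATURES.get(sha256(data))
        if verdict is None:
            verdict = next((v for pat, v in PATTERN_SIGNATURES.items() if pat.search(data)), "clean")
        verdicts[name] = verdict
    return verdicts

def scan_whitelist(files: dict) -> dict:
    """Whitelist scan: only files whose hash is known good are allowed to run."""
    return {name: ("allowed" if sha256(data) in WHITELIST else "blocked")
            for name, data in files.items()}

if __name__ == "__main__":
    for name, verdict in scan_blacklist(SAMPLE_FILES).items():
        print(f"blacklist  {name:16} {verdict}")
    for name, verdict in scan_whitelist(SAMPLE_FILES).items():
        print(f"whitelist  {name:16} {verdict}")
```

Running it shows the slide's point: appending one byte defeats the hash signature but not the byte pattern, while the rewritten sample evades both, and the whitelist blocks every file it has not seen regardless of how it was written.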

6
Heuristic Antivirus Techniques
  • Monitor the behavior of all programs
  • If the behavior is suspicious then malware is
    detected
  • Example: writing data to an executable program is
    suspicious
  • - Viruses do this to spread
  • Benefits
  • - Can detect new malware
  • Weaknesses
  • - Hard to define suspicious behavior
  • - Many false positives are possible
  • - Malware writers can adjust to the heuristics

7
Issues with Antivirus
  • Antivirus tools may not properly clean up after
    eliminating malware
  • Antivirus tools may significantly slow down your
    machine
  • Cannot use more than one antivirus tool at one
    time
  • - Antivirus operations are suspicious
  • May need to disable antivirus when making
    low-level changes
  • - Installing a Windows service pack or video
    drivers
  • - Modifying OS and drivers is suspicious