Botnets: The Killer Web Applications (Syngress, www.syngress.com)
Chapter 5 • Botnet Detection: Tools and Techniques, page 166


TIP

From an operational point of view, you might find sites such as VirusTotal (www.virustotal.org), Virus.org (www.virus.org), or Jotti (http://virusscan.jotti.org/) useful for scanning suspicious files. These services run samples you submit to their Web sites against a number of products (far more than most organizations will have licensed copies of) and pass them on to antivirus companies. Of course, there are caveats. Inevitably, some malware will escape detection by all scanners and receive a clean bill of health. Since such sites tend to be inconsistent in the way they handle configuration issues such as heuristic levels, they don't always reflect the abilities of the scanners they use, so they are not a dependable guide to the overall scanning performance of individual products. (It's not a good idea to use them as a comparative testing tool.) And, of course, you need to be aware of the presence of a suspicious file in the first place.
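Added example (not from the book, and not code from any of the services named above): a hash-first triage helper showing how a practitioner would drive such a service from a script. It assumes VirusTotal's public v3 REST API (a GET on /api/v3/files/<sha256> authenticated with an x-apikey header); the per-engine report it parses is constructed by hand in that assumed shape, not real service output. Two practical points the tip only implies are built in: look the hash up before uploading, because anything you submit is passed on to the AV vendors, and treat zero detections as "unknown" rather than "clean".

```python
"""Hash-first triage of a suspicious file against a multi-engine scanner.

Added example, not code from the book or from any scanning service.
Assumption: VirusTotal's public v3 REST API (GET /api/v3/files/<sha256>,
x-apikey header). The report parsed below is constructed by hand to match
that shape and is not real service output.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

VT_API_BASE = "https://www.virustotal.com/api/v3"   # assumption: v3 public API


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of the sample.

    Look the hash up before uploading: anything you submit is shared with AV
    vendors, so a confidential document or an internal tool must never be
    uploaded just to get a verdict."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}


def build_hash_lookup(sha256: str, api_key: str) -> Tuple[str, Dict[str, str]]:
    """URL and headers for a hash lookup. Nothing is sent from here; hand the
    result to whatever HTTP client you use."""
    return f"{VT_API_BASE}/files/{sha256}", {"x-apikey": api_key}


@dataclass
class Verdict:
    detected: int                                        # engines that flagged the file
    total: int                                           # engines that returned a result
    names: Dict[str, str] = field(default_factory=dict)  # engine -> detection name
    missed: List[str] = field(default_factory=list)      # engines that did not fire


def summarise_report(report: dict) -> Verdict:
    """Collapse per-engine results into one aggregate verdict.

    Only the aggregate is meaningful: the service runs each engine with its
    own (often non-default) heuristic settings, so a miss here says little
    about that engine's real-world performance and must not be used to rank
    products against each other."""
    results = report["data"]["attributes"]["last_analysis_results"]
    names = {engine: r["result"] for engine, r in results.items()
             if r.get("category") == "malicious" and r.get("result")}
    missed = sorted(engine for engine in results if engine not in names)
    return Verdict(len(names), len(results), names, missed)


def triage(v: Verdict) -> str:
    """Turn the verdict into an action. Zero detections means 'unknown',
    never 'clean': some malware escapes every scanner on the day it is seen."""
    if v.total == 0:
        return "no-results: nothing has scanned it, submit the sample"
    if v.detected == 0:
        return "undetected: treat as unknown, not as clean; sandbox it"
    if v.detected <= 2:
        return f"low-confidence: {v.detected}/{v.total} engines, verify manually"
    return f"detected: {v.detected}/{v.total} engines, handle as malware"


# Constructed report in the assumed v3 shape (engine and detection names are
# placeholders, not real products or signatures).
SAMPLE_REPORT = {
    "data": {"attributes": {"last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Trojan.Agent.Gen"},
        "EngineB": {"category": "malicious", "result": "W32/Bot.gen"},
        "EngineC": {"category": "undetected", "result": None},
        "EngineD": {"category": "malicious", "result": "IRC/Backdoor.gen"},
        "EngineE": {"category": "type-unsupported", "result": None},
    }}}
}

if __name__ == "__main__":
    sample = b"MZ constructed sample bytes, not a real binary"   # constructed input
    hashes = file_hashes(sample)
    url, headers = build_hash_lookup(hashes["sha256"], "YOUR_API_KEY")
    print("lookup:", url, "with header keys", list(headers))
    verdict = summarise_report(SAMPLE_REPORT)
    print(triage(verdict))
    print("missed by:", verdict.missed)
```

The thresholds in triage are deliberately conservative and are the author's own choice, not anything the services publish; tune them to your environment, but keep the rule that an empty detection list is an unknown, not a pass.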
Malware detection as it's practiced by the antivirus industry is too complex a field to do it justice in this short section: Peter Szor's The Art of Computer Virus Research and Defense (Symantec Press, 2005) is an excellent resource if you want to dig deeper into this fascinating area. The ins and outs of heuristic analysis are also considered in Heuristic Analysis: Detecting Unknown Viruses, by Lee and Harley, at www.eset.com/download/whitepapers.php.
You might notice that we haven't used either an open-source or commercial AV program to provide a detailed example here. There are two reasons for this:

• There is a place for open source AV as a supplement to commercial antivirus, but we have concerns about the way its capabilities are so commonly exaggerated and its disadvantages ignored. No open-source scanner detects everything a commercial scanner does at present, and we don't anticipate community projects catching up in the foreseeable future. We could, perhaps, have looked at an open-source project in more detail (ClamAV, for instance, one of the better community projects in this area), but that would actually tell you less than you might think about the way professional AV is implemented. Free is not always bad, though, even in AV. Some vendors, like AVG and Avast,