427 Botnet fm qxd



Botnets - The killer web applications

www.syngress.com
Botnet Detection: Tools and Techniques • Chapter 5


not least because of its ability to detect the worms and blended threats that
are still often associated with the initial distribution of bots.
You should be aware that modern antivirus software doesn’t only detect
viruses. In fact, full-strength commercial antivirus software has always detected
a range of threats (and some nonthreats such as garbage files, test files, and so
on). A modern multilayered enterprise antivirus (AV) solution detects a ridiculously
wide range of threats, including viruses, jokes, worms, bots, backdoor
Trojans, spyware, adware, vulnerabilities, phishing mails, and banking Trojans.
Not to mention a whole class of nuisance programs, sometimes referred to as
possibly unwanted programs or potentially unwanted applications. So why don’t we
just call it antimalware software? Perhaps one reason is that although detection
of even unknown viruses has become extraordinarily sophisticated (to the
point where it’s often possible to disinfect an unknown virus or variant safely
as well as detect it), it’s probably not technically possible to detect and remove
all malware with the same degree of accuracy. A vendor can reasonably claim
to detect 100 percent of known viruses and a proportion of unknown viruses
and variants but not to detect anything like 100 percent of malware. Another
reason is that, as we’ve already pointed out, not everything a scanner detects is
malicious, so maybe antimalware wouldn’t be any better.
Tools & Traps…
Explaining Antivirus Signatures
It’s widely assumed that antivirus works according to a strictly signature-based
detection methodology. In fact, some old-school antivirus
researchers loathe the term signature, at least when applied to
antivirus (AV) technology, for several reasons. (The term search string is
generally preferred, but it’s probably years too late to hope it will be
widely adopted outside that community when even AV marketing
departments use the term signature quite routinely.) Furthermore:

The term signature has so many uses and shades of meaning
in other areas of security (digital signatures, IDS attack signatures,
Tripwire file signatures) that it generates confusion
