Letting computer viruses loose on a quarantined computer and recording their pattern of activity could lead to a better way of s

admin2009-06-24  32

问题     Letting computer viruses loose on a quarantined computer and recording their pattern of activity could lead to a better way of spotting them in the "wild".
    A prototype system developed at the University of Michigan uses the "fingerprint" of virus activity to identify them more effectively than existing anti-virus software.
    The designers of programs that damage, take over or steal data from computers—called malware—are locked in an arms race with companies that make anti-virus (AV) software to prevent and fix malware damage.
    Conventional AV software looks for suspicious behavior and then tries to determine what’s causing it. It does this by looking for virus "signatures"—chunks of computer code from known viruses.
    But identifying previously unknown malware is difficult, and keeping track of different variants of existing viruses makes it harder. For example, a virus called Agobot has split into more than 580 variants since its release in 2002.
    In tests, Michael Bailey and colleagues at the University of Michigan, U.S., showed that five leading AV programs could identify only between 50 and 80 percent of a large sample of malware. And the programs struggled to agree on what they had found—the identifications often did not match.
    Bailey and his team say their approach is superior and have used it to develop a prototype AV system that is significantly better at identifying viruses once they are detected.
    The team set loose the malicious software on a quarantined computer, recording all the files and strings of instructions (processes) created and modified by the malware.
    They then created software that uses a database of these "fingerprints" to identify malware. It can also define clusters of malware that operate in similar ways, and generate a kind of family tree showing how superficially different programs have similar modi operandi.
    In tests on the same malware, the new software could identify at least 10 percent more of the sample than any of the other AV software. It also always correctly linked different pieces of malware that behave in the same way—the best AV program spotted only 68 percent of such doubles.
    "What they’re doing here is quite viable", says Richard Overill, a researcher at Kings College London, UK. "In principle this should work very well at identifying different viruses, and grouping those that may appear different but work in the same way".
    The new approach could reduce the number of updates needed for conventional AV systems, suggests Overill. "Instead of having separate patches for each virus, this could be more efficient and reduce the size of updates that must be downloaded".
    Grant Malcom researches computer security at Liverpool University, U.K. He says that recording activities like files created and modified is a novel approach to the problem and that it would be interesting to see whether this approach to categorizing malware could work without giving false positives.

选项 A、There is competition between virus designers and AV companies.
B、The definition of "malware".
C、Malware designers are locked up by AV companies.
D、A metaphoric explanation of how the new AV software is developed.

答案D

解析
转载请注明原文地址:https://kaotiyun.com/show/hbTd777K
0

随机试题
最新回复(0)