SB 16: Malware Defense Flashcards
What is static analysis?
Requires that something about the malwares structure be known, or derivable. Is definite, a signature is matched or not.
What is behavioral analysis?
It examines what the program does as it executes. Can identify previously unknown malware.
What is statistical analysis?
Programs have specific statistical characteristics that malicious logic might alter. Detection of such changes may lead to detection of malicious logic.
By which process can you limit what objects are accessible to a given process run by the user?
Containment. It draws on mechanisms for confining information.
What two analysis complement each other?
Static and behavioral. They are often used together.
What is a malware signature?
A signature that can identify a piece of malware.
Reading or scanning a file and testing to see if the file matches a set of predetermined attributes. These attributes are known as the malware’s ‘signature’. Malware signatures, which can occur in many different formats, are created by vendors and security researchers.
What is sandboxing?
A sandbox or a VM implicitly restrict the rights of processes. A common implementation of this is to restrict the program by modifying it. Usually, special instructions inserted into the object code cause traps whenever an instruction violates the security policy. If the executable dynamically loads libraries, special libraries with the desired restrictions replace the standard libraries.
In what way does trust affect malware defense?
The effectiveness of any security mechanism depends on the security of the underlying base on which it is implemented and on the implementations correctness.
