The Challenge of Detecting and Removing Installed Threats

Technical paper

Our technical experts have written a range of papers on topical security issues. Read the abstract of this technical paper below, and download the paper for free.

The days when the competitiveness of an AV product was determined by the ability to detect a bucketful of samples will soon be behind us. New tests, driven by the requirement for AV products to deal with spyware, will measure the ability of an AV product to manage any given threat from detection to full removal.

Detecting and removing installed and active threats presents many challenges, particularly where multiple files, processes and registry components are involved. The ability of these components to be updated from the Internet at any time and with varying frequency only complicates the issue further. This paper will discuss the challenges faced by AV vendors in modifying their products to move away from blindly detecting and deleting a given set of miscellaneous samples, towards detecting and removing samples in the context of the installed threat.

This paper was presented at the VB Conference 2006

Download The Challenge of Detecting and Removing Installed Threats

Author

Jason Bruce

Jason has been with SophosLabs for over six years, working his way up from junior researcher to his current position managing the SophosLabs detection development team. In his current role he leads a team of researchers working on the latest detection techniques and recovery methods.