Kaspersky Lab releases a new analytical report: The Evolution of Technologies Used to Detect Malicious Code
07 Nov 2007
Kaspersky Lab, a leading developer of secure content management solutions, has released a new analytical report on the evolution of technologies used to detect malicious code, written by Alisa Shevchenko, one of the company's senior malware analysts.
The article describes the different methods used to detect malicious code, focusing on non-signature-based technologies. When describing detection technologies, Alisa identifies two main components – a technical component and an analytical component.
The technical component involves such techniques as analyzing file code as byte sequences, emulating program code, virtualization, monitoring system events and searching for system anomalies. The second analytical component can include a simple comparison of objects, a complex comparison or expert systems that issue their verdicts based on a sophisticated analysis of data.
Alisa examines which algorithms are used in which malicious program detection technologies. She describes the advantages and shortcomings of the different methods used to detect malicious code and demonstrates that there is no universal or “best” protection method.
Alisa concludes by offering recommendations on how to choose non-signature-based protection. In choosing a technology, the user should be guided by the results of independent tests, since each technology has its pros and cons.
The complete report can be found at Viruslist.com.
A summary of the article is available on the Kaspersky Lab corporate website at www.kaspersky.com.