Cleaning up the mess: time to redefine 'disinfection'?

Gergely Erdelyi, F-Secure Corporation

The meaning of the term 'disinfection' has changed during recent years.

Today's increasingly complex viruses often make rather complex changes to the system configuration, either to achieve certain goals or simply as a side effect of the infection.

File disinfection alone is no longer enough in most cases.

In certain cases the system becomes completely unusable if the malware is removed without first reverting its modifications. Sometimes these changes don't prevent the system from working, but reverting them manually might take a long time.

This paper elaborates on the techniques used by viruses and the counter steps today's anti-virus applications have to take to clean the system up properly. The paper also discusses the new features anti-virus programs must have to be able to fight today's infections and possible future ones.
