The challenge of detecting and removing installed threats

Jason Bruce SophosLabs

The days when the competitiveness of an AV product was determined by the ability to detect a bucket full of samples will soon be behind us. New tests, driven by the requirement for AV products to deal with spyware, will measure the ability of an AV product to manage any given threat from detection to full removal.

Detecting and removing installed and active threats presents many challenges particularly where multiple files, processes and registry components are involved. The ability for these components to be updated from the Internet at any time and with varying frequency only complicates the issue further.

This paper will discuss the challenges AV vendors face in modifying their products to move away from blindly detecting and deleting a given set of samples, towards detecting and removing samples in the context of the installed threat, of which those samples are merely a subset of components.
