We Are Just Describing How Internal Algorithm Should Be For Any Firmware or Software Anti-Malicious Product?

Scan Engine

If the mnemonic is CALL, then
    lock the last one or two WORDS (the return address pushed on the stack), depending on whether the call was near or far.

If the mnemonic is an IN/OUT instruction, then
    check the operands to detect the PORT address, and
    look in INTERNAL_MEMORY to see whether the process is allowed to access that port or not.

If a JUMP code is there, then
    fetch the next instruction; if it is a NOP, fetch again.
    If it is a memory address, check for that procedure.
    Apply a compiler-type algorithm to any JUMP instruction to decide whether it will end or not.

If MOV SEG_REG, X is there, then
    make sure X is not in the sheltered memory space.

For replicated malware,
    use the checksum technique.

This is how the Scan Engine of an Anti-Malicious product works in its running mode when it deals with assembly.
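The rules above, as an added example that is not part of the original page: a small rule-based scanner over a constructed instruction list. INTERNAL_MEMORY is modelled as an allow-list of I/O ports, the sheltered memory space as a segment range, and the unspecified "compiler-type algorithm" for JUMP termination as loop detection over JMP/NOP chains whose targets are instruction indices; all three are assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed policy tables (assumptions, not from the page): INTERNAL_MEMORY is
# modelled as an allow-list of I/O ports, the sheltered memory space as a segment range.
ALLOWED_PORTS = {0x60, 0x64}
SHELTERED = range(0xA000, 0xC000)
SEG_REGS = {"CS", "DS", "ES", "SS", "FS", "GS"}


@dataclass
class Insn:
    mnemonic: str
    operands: tuple = ()
    far: bool = False   # CALL only: a far call pushes CS:IP, i.e. two words


def jump_terminates(program, start):
    """Follow the JMP/NOP chain from `start` (a constructed stand-in for the page's
    'compiler-type algorithm'); False if the chain revisits an instruction, i.e. loops."""
    seen = set()
    i = start
    while 0 <= i < len(program):
        if i in seen:
            return False
        seen.add(i)
        m = program[i].mnemonic.upper()
        if m == "JMP":
            i = program[i].operands[0]   # target is an instruction index (assumption)
        elif m == "NOP":
            i += 1                       # fetch next; if NOP, fetch again
        else:
            return True                  # reached a real instruction: the chain ends
    return True                          # ran off the end of the code


def scan(program):
    """Apply the Scan Engine rules; returns (index, rule, detail) findings."""
    findings = []
    for i, insn in enumerate(program):
        m = insn.mnemonic.upper()
        ops = insn.operands
        if m == "CALL":
            words = 2 if insn.far else 1
            findings.append((i, "CALL", f"lock last {words} word(s) of the return address"))
        elif m in ("IN", "OUT"):
            # IN AL, port / OUT port, AL: the integer operand is the port address
            port = next((o for o in ops if isinstance(o, int)), None)
            if port is not None and port not in ALLOWED_PORTS:
                findings.append((i, "PORT", f"port {port:#04x} not permitted by INTERNAL_MEMORY"))
        elif m == "JMP":
            if not jump_terminates(program, i):
                findings.append((i, "JUMP", "jump chain never ends"))
        elif m == "MOV" and len(ops) == 2 and str(ops[0]).upper() in SEG_REGS:
            if isinstance(ops[1], int) and ops[1] in SHELTERED:
                findings.append((i, "SEG", f"loads {ops[0]} with sheltered segment {ops[1]:#06x}"))
    return findings


# Constructed sample program: one hit for each rule, plus benign instructions.
SAMPLE = [
    Insn("MOV", ("AX", 0x1234)),     # benign
    Insn("CALL", (5,), far=True),    # far call: lock two words
    Insn("IN", ("AL", 0x60)),        # allowed port
    Insn("OUT", (0x3F8, "AL")),      # port not in allow-list
    Insn("MOV", ("DS", 0xB800)),     # segment inside sheltered range
    Insn("JMP", (6,)),               # 5 -> 6 (NOP) -> 7 -> 5: never ends
    Insn("NOP"),
    Insn("JMP", (5,)),
]

if __name__ == "__main__":
    for idx, rule, detail in scan(SAMPLE):
        print(f"[{idx}] {rule}: {detail}")
```

Running it prints one line per rule that fired on the constructed program; the two JMPs that form a NOP-padded cycle are both reported as non-terminating.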

Verifier Engine

Verifier mode works from the Attack Database of the anti-virus product.
There are two types of mode:
1. For each file F, check every signature S.
2. For every signature S, check all files F.
Both have their advantages and disadvantages.
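The two verifier modes, together with the checksum technique for replicated malware mentioned under the Scan Engine, as an added example that is not code from the original page. The signature database and the "files" are constructed in-memory byte strings; the cost counters show the trade-off the page alludes to (mode 1 reads each file once but evaluates every signature per file, mode 2 loads each signature once but re-reads every file per signature).

```python
import hashlib

# Constructed attack database: name -> byte signature (not real malware strings).
SIGNATURES = {
    "sig-A": b"\xeb\xfe\x90\x90",       # a jmp-to-self followed by NOP padding
    "sig-B": b"OPEN_PORT_3F8",
}

# Constructed "files": name -> content bytes.
FILES = {
    "good.bin":  b"\x55\x89\xe5\xc3",
    "loop.bin":  b"\xb8\x00\x00\xeb\xfe\x90\x90\xc3",
    "copy1.bin": b"XX OPEN_PORT_3F8 YY",
    "copy2.bin": b"XX OPEN_PORT_3F8 YY",   # byte-identical replica of copy1.bin
}


def file_major(files, sigs):
    """Mode 1: for each file F, check every signature S.
    Returns (hits, cost) where cost counts file reads and signature evaluations."""
    hits, cost = [], {"file_reads": 0, "sig_loads": 0}
    for fname, data in files.items():
        cost["file_reads"] += 1                 # the file is read once ...
        for sname, pat in sigs.items():
            cost["sig_loads"] += 1              # ... and every signature applied to it
            if pat in data:
                hits.append((fname, sname))
    return hits, cost


def signature_major(files, sigs):
    """Mode 2: for every signature S, check all files F.
    Each signature is loaded once, but every file is re-read for every signature."""
    hits, cost = [], {"file_reads": 0, "sig_loads": 0}
    for sname, pat in sigs.items():
        cost["sig_loads"] += 1
        for fname, data in files.items():
            cost["file_reads"] += 1
            if pat in data:
                hits.append((fname, sname))
    return hits, cost


def checksum_replicas(files, known_bad_digests):
    """Checksum technique for replicated malware: a file whose SHA-256 matches a known-bad
    digest is flagged directly, so byte-identical replicas need no signature matching."""
    return sorted(
        fname for fname, data in files.items()
        if hashlib.sha256(data).hexdigest() in known_bad_digests
    )


if __name__ == "__main__":
    hits1, cost1 = file_major(FILES, SIGNATURES)
    hits2, cost2 = signature_major(FILES, SIGNATURES)
    print("mode 1:", sorted(hits1), cost1)
    print("mode 2:", sorted(hits2), cost2)
    # Constructed known-bad digest list: the digest of the first detected replica.
    bad = {hashlib.sha256(FILES["copy1.bin"]).hexdigest()}
    print("replicas by checksum:", checksum_replicas(FILES, bad))
```

Both modes find the same (file, signature) pairs; what differs is which resource is touched repeatedly, and the checksum pass catches the second replica without running any signature over it.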
