I thought most of the virus scanners nowadays use sandbox techniques to check for "bad" behavior. Therefore the polymorphic viruses will also be detected. Of course these detection techniques are also known to virus creators, and can easily be bypassed using a bunch of random, unharmful code executions before the actual payload.
It's impossible to detect all known poly/metamorphic bad code. Whitelist verification is the only provable technique. It's not always possible, especially if your infrastructure/computer has not been maintained very well, which is a good reason why signature-, heuristic- and emulation-based detection is still valuable.