A Guide to the Selection of Anti-Virus Tools and Techniques
Table of Contents
1.0 Introduction
1.1 Audience and Scope
1.2 How to Use This Document
1.3 Definitions and Basic Concepts
2.0 Functionality
2.1 Detection Tools
2.1.1 Detection by Static Analysis
2.1.2 Detection by Interception
2.1.3 Detection of Modification
2.2 Identification Tools
2.3 Removal Tools
3.0 Selection Factors
3.1 Accuracy
3.1.1 Detection Tools
3.1.2 Identification Tools
3.1.3 Removal Tools
3.2 Ease of Use
3.3 Administrative Overhead
3.4 System Overhead
4.0 Tools and Techniques
4.1 Signature Scanning and Algorithmic Detection
4.1.1 Functionality
4.1.2 Selection Factors
4.1.3 Summary
4.2 General Purpose Monitors
4.2.1 Functionality
4.2.2 Selection Factors
4.2.3 Summary
4.3 Access Control Shells
4.3.1 Functionality
4.3.2 Selection Factors
4.3.3 Summary
4.4 Checksums for Change Detection
4.4.1 Functionality
4.4.2 Selection Factors
4.4.3 Summary
4.5 Knowledge-Based Virus Removal Tools
4.5.1 Functionality
4.5.2 Selection Factors
4.5.3 Summary
4.6 Research Efforts
4.6.1 Heuristic Binary Analysis
4.6.2 Precise Identification Tools
4.7 Other Tools
4.7.1 System Utilities
4.7.2 Inoculation
5.0 Selecting Anti-Virus Techniques
5.1 Selecting Detection Tools
5.1.1 Combining Detection Tools
5.2 Identification Tools
5.3 Removal Tools
5.4 Example Applications of Anti-Virus Tools
5.4.1 Average End-User
5.4.2 Power Users
5.4.3 Constrained User
5.4.4 Acceptance Testing
5.4.5 Multi-User Systems
5.4.6 Network Server
6.0 Selecting the Right Tool
6.1 Selecting a Scanner
6.2 Selecting a General Purpose Monitor
6.3 Selecting an Access Control Shell
6.4 Selecting a Change Detector
6.5 Selecting an Identification Tool
6.6 Selecting a Removal Tool
7.0 For Additional Information