![]() ![]() Well-known code that has proven itself harmless over the years can be whitelisted. Thus, blacklisting bad code quickly becomes a losing battle when you're fighting against polymorphic malware.Ī whitelist is another technique for determining application reputation. Just like a mutating virus, each time they run, they can potentially spawn into up to a million different varieties. ![]() Some of these are referred to as "polymorphic," meaning that they can change their appearance in multiple ways. ![]() How do they do this? They make a slight change or variation in code in order to hide it from AV programs. However, just like in the movies, some bad actors change their faces and fingerprints to escape detection. Whenever a new bad actor appears, its fingerprint is added to the AV database. Just like the FBI, most anti-virus (AV) systems maintain databases of fingerprints belonging to malicious software. One way to tell if an application has a bad reputation is to check whether its fingerprint is on a blacklist. Reputation works similar to the way that we develop trust in other people-we study them over the course of multiple encounters or, if we don't have prior experience with them, then we rely on others for information about their reputation. Application reputation is a method employed by Microsoft's SmartScreen® filter to distinguish good software from bad software as it is downloaded from the Internet. That's where "application reputation" technology comes in. As one dog says to the other in Peter Steiner's classic New Yorker cartoon: "On the Internet, nobody knows you're a dog." Software downloaded from the Internet is similar to people on the Internet-it's hard to tell which ones are dogs, at least without help.
0 Comments
Leave a Reply. |