SB 16: Malware Defense Flashcards

1
Q

What is static analysis?

A

It requires that something about the malware's structure be known or derivable. It is definite: a signature is either matched or not.

2
Q

What is behavioral analysis?

A

It examines what the program does as it executes. Can identify previously unknown malware.

3
Q

What is statistical analysis?

A

Programs have specific statistical characteristics that malicious logic might alter. Detection of such changes may lead to detection of malicious logic.

4
Q

By which process can you limit what objects are accessible to a given process run by the user?

A

Containment. It draws on mechanisms for confining information.

5
Q

What two analyses complement each other?

A

Static and behavioral. They are often used together.

6
Q

What is a malware signature?

A

A signature that can identify a piece of malware.

Reading or scanning a file and testing to see if the file matches a set of predetermined attributes. These attributes are known as the malware’s ‘signature’. Malware signatures, which can occur in many different formats, are created by vendors and security researchers.

7
Q

What is sandboxing?

A

A sandbox or a VM implicitly restricts the rights of processes. A common implementation of this is to restrict the program by modifying it. Usually, special instructions inserted into the object code cause traps whenever an instruction violates the security policy. If the executable dynamically loads libraries, special libraries with the desired restrictions replace the standard libraries.

8
Q

In what way does trust affect malware defense?

A

The effectiveness of any security mechanism depends on the security of the underlying base on which it is implemented and on the implementation's correctness.
