Posted July 11, 2005
Szor's book appears to be the current definitive text on antivirus methods. The breadth of coverage of methods is good, and so is the level of detail. The book makes you appreciate how hard the task of finding these darned viruses is. In general, you are trying to discern malware intent in an arbitrary file, and that file is often binary. But, as Szor is careful to explain, there can certainly be source code viruses as well; these could be in PostScript, PDF or scripting files. He also points out that Microsoft Office data files are really binary programs that run under the Microsoft Office applications. The book shows the considerable level of ingenuity on both sides of this struggle: for instance, antivirus companies like Symantec often run a suspected virus in an emulator, stepping through the code, but in response, some viruses try to detect whether they are being run inside an emulator. How they do this is very crafty and simple. It is examples of tactics like this that give the book its worth.
1 out of 1 people found this review helpful.