Figure 10.1. Process Monitor session for the Password Vault application.
Most of the malicious operations carried out by Trojans, including those that contain
backdoors, can be detected using Process Monitor. Of course, Process Monitor itself
doesn't identify malware; it simply reports what a process is doing. With a little
ingenuity, one can identify activities that don't fit the advertised functionality of a
program. For example, a program that accesses registry keys, files, or network locations
that are unrelated to it is probably malicious. It's common practice these days for users
to download free software from the Internet, and because we've been convinced that
open-source software, which is sometimes confused with free software, should have the
fewest vulnerabilities, we do it without a second thought.
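
The check described above can be automated over a Process Monitor CSV export. The following Python example is an addition, not code from the original text: it counts events from one process that touch files, registry keys, or network endpoints outside an expected profile. The process name `PasswordVault.exe`, the `EXPECTED` profile, and the sample rows are constructed assumptions; the column names follow Process Monitor's CSV export.

```python
import csv
from collections import Counter

# Constructed sample rows in the column layout of a Process Monitor CSV export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","PasswordVault.exe","4120","CreateFile","C:\Program Files\PasswordVault\vault.db","SUCCESS",""
"10:01:02.2","PasswordVault.exe","4120","RegQueryValue","HKCU\Software\PasswordVault\Settings\Theme","SUCCESS",""
"10:01:02.3","PasswordVault.exe","4120","ReadFile","C:\Users\alice\Documents\taxes.xlsx","SUCCESS",""
"10:01:02.4","PasswordVault.exe","4120","ReadFile","C:\Users\alice\Documents\taxes.xlsx","SUCCESS",""
"10:01:02.5","PasswordVault.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS",""
"10:01:02.6","PasswordVault.exe","4120","TCP Connect","WORKSTATION:49712 -> 203.0.113.10:443","SUCCESS",""
"10:01:02.7","explorer.exe","1288","CreateFile","C:\Users\alice\Documents\taxes.xlsx","SUCCESS",""
'''

# Hypothetical profile of what the advertised functionality needs (lower-case prefixes).
EXPECTED = {
    "file": (r"c:\program files\passwordvault", r"c:\windows\system32"),
    "registry": (r"hkcu\software\passwordvault",),
    "network": (),  # assumption: a local vault has no reason to use the network
}

def classify(operation):
    """Map a Process Monitor operation name to a resource kind."""
    if operation.startswith("Reg"):
        return "registry"
    return "network" if operation.startswith(("TCP", "UDP")) else "file"

def in_profile(kind, path, expected):
    """True when the path falls under one of the expected prefixes for its kind."""
    target = path.lower()
    if kind == "network":  # Path looks like "local:port -> remote:port"
        target = target.split("->")[-1].strip().rsplit(":", 1)[0]
        return target in expected[kind]
    return any(target == p or target.startswith(p + "\\") for p in expected[kind])

def out_of_profile(csv_text, process, expected=EXPECTED):
    """Count events of `process` that touch resources outside the profile."""
    hits = Counter()
    for row in csv.DictReader(csv_text.splitlines()):
        if row["Process Name"].lower() != process.lower():
            continue
        kind = classify(row["Operation"])
        if not in_profile(kind, row["Path"], expected):
            hits[(kind, row["Operation"], row["Path"])] += 1
    return hits

if __name__ == "__main__":
    for (kind, op, path), n in out_of_profile(SAMPLE_CSV, "PasswordVault.exe").items():
        print(f"{n:3d}x {kind:8s} {op:14s} {path}")
```

A real profile needs tuning against a known-good run of the program, since legitimate processes also touch shared system locations.
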
Incidentally, the data on the number of vulnerabilities found in popular Internet browsers