does not support this belief. [45] reports that “Mozilla browsers were affected by 99 new
vulnerabilities in 2008, more than any other browser; there were 47 new vulnerabilities
identified in Internet Explorer, 40 in Apple Safari, 35 in Opera™, and 11 in Google®
Chrome.” It seems counter-intuitive that an open-source browser would have twice as
many security holes as a closed-source browser like Internet Explorer. Mozilla is not
malware, but it's interesting to note that in the case of software, open-source doesn't
guarantee security. Becoming familiar with the Windows® Sysinternals suite can help
you evaluate whether the software on your Windows® machine is acting in your best


If you suspect a particular program to be malware, it can be submitted online to a
service called ThreatExpert [47]. ThreatExpert is a Web-based tool that supports
submission of software executables that are to be evaluated against an on-line malware
database. The tool analyzes the instruction sequences in submitted executables and
attempts to match them against those of known malware. Matching against existing
malware is just one part of ThreatExpert's automated engine; the service actually tries to
execute suspected malware in an isolated environment in order to perform heuristic
analysis of its actions. An example of a report generated by ThreatExpert for a
particularly dangerous piece of malware is shown in Fig. 10.2. The figure contains only
the top-level summary of the report whereas the full report contains much more detail,
such as filesystem, memory, registry, network and other activity. Note that all of the
malicious behaviors of the submitted executable could have been learned by


