Article

Malware Detection and Removal: An examination of personal anti-virus software

Abstract

SoHo users are increasingly faced with the dilemma of applying appropriate security mechanisms to their computer with little or no knowledge of which countermeasure will deal with which potential threat. As problematic as it may seem for individuals to apply appropriate safeguards, individuals with malicious intent are advancing methods by which malicious software may operate undetected on a target host. Previous research has identified that there are numerous ways in which malware may go undetected on a target workstation. This paper examines the quality of malware removal programs currently available on the market, which consumers may use whilst utilising the Internet. The research suggests that current anti-virus products, whilst able to detect most recently released malware, still fall short of eliminating the malware and returning the system to its original state. The paper does not compare or disclose potential flaws within each product; rather it depicts the current state of anti-virus products.

... Out of the thirty-one antivirus programs that had the bot submitted to them, only six detected the bot, whilst one detected that there was a low threat present. This is not a particularly unusual result, evidenced from this research and supported by other researchers (Bilar, 2005; Masood, 2004; Mohandas, n.d.; Skoudis & Zeltser, 2004; Szewczyk & Brand, 2008; Wysopal, 2009). An analysis of the Win32.Qucan.a ...
... It indicates that even though it is accepted computer security policy to run AV software, detection of all malware could be highly unlikely. This supports the findings of other researchers (Masood, 2004; Mohandas, n.d.; Skoudis & Zeltser, 2004; Szewczyk & Brand, 2008). ...
... Even though each malware specimen was submitted to 36 virus detectors, approximately one year after collection and submission to online virus collection agencies, only 93.7% of the virus engines agreed that the specimens were malicious. This indicates that AV software may provide less than ideal detection ability and supports the claims by other researchers (Mila Dalla et al., 2008; Szewczyk & Brand, 2008; Z. Yan & Inge, 2008; Zhou & Meador Inge, 2008). The specimens were dominated by the Allaple worm at approximately 77.57% of the total number of specimens that could be analyzed. Approximately 18% of these specimens recorded no activity when run inside the sandbox Anubis provides, even though the average run time was 148 seconds. ...
Article
Anti Virus (AV) software generally employs signature matching and heuristics to detect the presence of malicious software (malware). The generation of signatures and determination of heuristics is dependent upon an AV analyst having successfully determined the nature of the malware, not only for recognition purposes, but also for the determination of infected files and startup mechanisms that need to be removed as part of the disinfection process. If a specimen of malware has not been previously extensively analyzed, it is unlikely to be detected by AV software. In addition, malware is becoming increasingly profit driven and more likely to incorporate stealth and deception techniques to avoid detection and analysis to remain on infected systems for a myriad of nefarious purposes. Malware extends beyond the commonly thought of virus or worm, to customized malware that has been developed for specific and targeted miscreant purposes. Such customized malware is highly unlikely to be detected by AV software because it will not have been previously analyzed and a signature will not exist. Analysis in such a case will have to be conducted by a digital forensics analyst to determine the functionality of the malware. Malware can employ a plethora of techniques to hinder the analysis process conducted by AV and digital forensics analysts. The purpose of this research has been to answer three research questions directly related to the employment of these techniques as: 1. What techniques can malware use to avoid being analyzed? 2. How can the use of these techniques be detected? 3. How can the use of these techniques be mitigated?
... In the Malware Signature DB, malware signatures for determining whether a scanned file contains malware and rules for restoring malware-infected files are registered [10], [11]. ...
Article
Container platforms provide many functions for diverse applications and are used to build and operate various information services. They have been extended not only to Linux and Unix-based servers but also to Windows and macOS-based desktops and laptops. Many systems use anti-virus software to minimize damage caused by malware. Most anti-virus software provide real-time malware detection functions and block the execution of malware by enforcing access denial functions for malware that cannot be deleted or for original files that cannot be restored. However, current anti-virus technologies are not designed for container platforms. Therefore, they cannot detect malware in containers in real time; nor can they block malware execution or user access to malware owing to the isolation feature provided by container platforms. To resolve these issues, we propose a functionally-isolated anti-virus architecture for container platforms. The proposed anti-virus architecture separates the functions of a legacy anti-virus engine to ensure compatibility with the isolation features of a container platform. By implementation, it was confirmed that the proposed anti-virus architecture can detect in real-time the entry of malware in a container platform and block the execution of, and user access to unrecoverable malware-infected files. The performance of the proposed functionally-isolated anti-virus architecture is similar to that of legacy anti-virus technology and was verified to be sufficiently effective.
... While in a clinical setting the IT department will typically be responsible for the detection and removal of spyware and malware, the potentially high prevalence rate on personal computers means that clinicians working with clinical data from their personal computer systems should be extremely careful to ensure that they are running one or more spyware detection and removal programs on a regular basis. Research indicates that antivirus and antimalware programs are effective at stopping up to 98% of all malware threats provided they are regularly updated (Garuba, Liu, & Washington, 2008), and Kaspersky antivirus and BitDefender antivirus are highly effective at protecting systems against malware (AV-Comparatives, 2015; Szewczyk & Brand, 2008). The independent organization AV-Comparatives publishes yearly summary reports of the effectiveness of antivirus and antimalware programs that can be used by mental health professionals who wish to remain up to date on the most effective antimalware programs (http://www.avcomparatives.org/summary-reports/). ...
Article
In 2012, privacy breaches exposed the confidential health data of 22.5 million U.S. citizens. Ensuring clients’ privacy is essential in clinical psychology, and a task that has become increasingly complex as technology has evolved. Many current professional guidelines for clinical practice do not consider issues pertaining to potential privacy breaches from sources such as human error, malicious acts, metadata, and surveillance (e.g., APA, 2007, http://www.apa.org/practice/guidelines/record-keeping.pdf; APS, 2013, http://www.psychology.org.au/Assets/Files/2013-APS-psychological-services-framework-for-public-sector-NGO%20.pdf; BPS, 2011, http://www.bps.org.uk/sites/default/files/documents/electronic_health_records_final.pdf). We review potential sources of privacy breaches arising from electronic storage and communications use. We conclude with best practice recommendations regarding electronic storage and communication, software choices, and spyware removal designed to minimize privacy risk in mental health care. These recommendations need to be regularly reviewed to continue to minimize the risk of privacy-related breaches in the context of ongoing technological development.
... The situation with implementing appropriate safeguards to a workstation seems problematic in that the majority of respondents were being recommended Norton antivirus by computer vendors. This shows a lack of awareness amongst home users in that Norton anti-virus is not one of the recommended anti-virus products when undergoing robustness testing by third parties (CNET, 2008; Top Ten Reviews, 2008; Szewczyk and Brand, 2008). Hence individuals utilising default installed applications or taking advice from computer vendors appear to be exposing themselves to the numerous threats currently propagating on the Internet. ...
Article
The paper examines the end-user perceptions, attitudes and knowledge towards the various issues currently propagating over the Internet. The study consisted of a series of open-ended interviews of twenty-three individuals, which took place in Australia towards the end of 2008. Analysis revealed that whilst end-users are attempting to secure themselves online, they are being given insufficient information and find it difficult to understand in relation to implementing effective security.
Article
Many are familiar with the topic of malware and the dangers these pose to both organisations and individuals. Frequently targeted via anonymous emails, malware carries malicious payloads often contained within file attachments such as Adobe Acrobat and Microsoft Office documents. Emailed documents such as these, and potentially that useful utility you downloaded, can unfortunately have an even more sinister payload than simply co-opting a machine to a botnet. Today's trojans may hold a computer's user to ransom. The term ‘ransomware’ has been used to describe malware with this class of payload.