Cleaning up the mess: time to redefine 'disinfection'? presented at Virus Bulletin 2002

by Gergely Erdelyi (F-Secure Corporation)

Tags: Security


Summary:
The meaning of the term 'disinfection' has changed during recent years.

Today's increasingly complex viruses often introduce rather complex changes to the system configuration. These changes are made to achieve certain goals, or simply as a side-effect of the infection.

File disinfection alone is no longer enough in most cases.

In certain cases the system becomes completely unusable if the malware is removed without reverting its modifications first. Sometimes these changes don't prevent the system from working but it might take a long time to revert them manually.

This paper elaborates on the techniques used by viruses and the counter-steps today's anti-virus applications have to take to clean the system up properly. The paper also discusses the new features anti-virus programs must have to be able to fight today's and possible future infections.