Blocking Unexpected Operations


Blocking unexpected operations requires a heuristic baseline to accurately define what is expected. Once an expected set of operations is defined, a heuristic intrusion prevention system can halt unexpected operations and inform the user of the anomaly. This can make for a very nice rootkit detector, but its usefulness as a prevention tool is questionable. Heuristic prevention is very similar to closing the barn door after the horses have run away. It simply does not provide a viable solution to the problem.




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net