Abstract
This research first explores the different types of Anti-Malware solution approaches, evaluating the pros and cons, and concentrating on their potential weaknesses and drawbacks. The malware technologies analyzed include Windows Direct Kernel Object Manipulation (DKOM), Kernel Patch Protection, Data Execution Prevention, Address Space Layout Randomization, Driver Signing, Windows Service Hardening, Ghostbuster, Assembly Reverse Analysis, and Virtual CloudAV. Furthermore, a proactive comprehensive solution is provided by utilizing the Windows PowerShell 2.0 utility that is available for Windows Vista, 7, 2008 and 2008 R2. The proposed Proactive PowerShell Anti-Malware (PPSAM) is a utility that monitors the system via health checks with shell scripts that can be fully customized and have the ability to be executed on remote systems. PPSAM is designed to be a proactive complement that attempts to promote early discovery of intrusions and malicious applications, and to provide triggers and reports utilizing the scripts' output.
Original language | American English |
---|---|
State | Published - Jul 19 2011 |
Event | International Conference on Security and Management (SAM) - Las Vegas, NV; Duration: Jul 20 2011 → … |
Conference
Conference | International Conference on Security and Management (SAM) |
---|---|
Period | 07/20/11 → … |
Keywords
- Anti-virus
- Customizable
- Malware
- PowerShell
- Proactive
- Security
DC Disciplines
- Databases and Information Systems