Contents

• Contents
• Introduction
  • Audience and Scope
  • How to Use This Document
  • Definitions and Basic Concepts
• Functionality
  • Detection Tools
    • Detection by Static Analysis
    • Detection by Interception
    • Detection of Modification
  • Identification Tools
  • Removal Tools
• Selection Factors
  • Accuracy
    • Detection Tools
    • Identification Tools
    • Removal Tools
  • Ease of Use
  • Administrative Overhead
  • System Overhead
• Tools and Techniques
  • Signature Scanning and Algorithmic Detection
    • Functionality
    • Selection Factors
    • Summary
  • General Purpose Monitors
    • Functionality
    • Selection Factors
    • Summary
  • Access Control Shells
    • Functionality
    • Selection Factors
    • Summary
  • Checksums for Change Detection
    • Functionality
    • Selection Factors
    • Summary
  • Knowledge-Based Virus Removal Tools
    • Functionality
    • Selection Factors
    • Summary
  • Research Efforts
    • Heuristic Binary Analysis
    • Precise Identification Tools
  • Other Tools
    • System Utilities
    • Inoculation
• Selecting Anti-Virus Techniques
  • Selecting Detection Tools
    • Combining Detection Tools
  • Identification Tools
  • Removal Tools
  • Example Applications of Anti-Virus Tools
    • Average End-User
    • Power Users
    • Constrained User
    • Acceptance Testing
    • Multi-User Systems
    • Network Server
• Selecting the Right Tool
  • Selecting a Scanner
  • Selecting a General Purpose Monitor
  • Selecting an Access Control Shell
  • Selecting a Change Detector
  • Selecting an Identification Tool
  • Selecting a Removal Tool
• For Additional Information
• References
• Index
• About this document ...