7 Dec
2005
7 Dec
'05
7:56 a.m.
* Steven M. Bellovin:
A-V companies are in the business of analyzing viruses.
Many offer analysis services, but this is done upon special request, and only if you pay extra.
They should *know* how a particular virus behaves.
You don't need to know what the virus does in order to detect it with a file-based signature. Analysis stops as soon as detection is possible with sufficient accuracy. Timebombs and other hidden functionality go unnoticed (unless the malware is form a well-known strain which has such features).