Thursday, May 16, 2019
Antimalware and Antispam Technology Case Study Example | Topics and Well Written Essays - 1250 words
Antimalware and Antispam Technology - Case Study Example

The decision proved costly as the software exhibited a persistent inclination to incorrectly identify Outlook files as malware and permanently delete them. Within two weeks it had deleted dozens of important emails. As no amount of configuring seemed to solve this problem, we made the transition to Symantec's Norton Internet Security.

Since 2004, every computer and laptop in our company has been running Norton Internet Security. The software has, quite successfully, prevented users from logging onto a host of sites which we have identified as potentially threatening and from running peer-to-peer software. Indeed, the results of the ICT Department's periodic review of the application's logs bear witness that Norton Internet Security has effectively protected us from a wide array of malware. Effective protection, however, does not mean immunity and therefore, we have implemented a second level of protection.

Following a thorough investigation of anti-malware applications, the ICT Department decided to implement BINDER. A host-based detection system that can detect a wide class of malware on computers, including worms, spyware, and adware, with few false alarms, it operates through a simple algorithm which is based on inferring user intent. It detects new unknown malware on personal computers by identifying extrusions, malicious outbound network requests which the user did not intend. At the same time, and as the ICT Director informed me, we have also developed and implemented a large-scale honeyfarm system that ensures high-fidelity honeypot operation, efficiently discards the incessant Internet background radiation that has only nuisance value when looking for new forms of activity, and devises and enforces an effective containment policy to ensure that the detected malware does not inflict external damage or skew internal analyses.
Operating side-by-side, these two malware detection systems have, over the past fifteen months, effectively protected the company from malware attacks and infections.

3.1 Inferring User Intent

I asked our ICT Director just how BINDER infers user-intended connections and, in response, he cited a very simple example. Let us assume that a user opens an Internet Explorer (IE) window, goes to a news web site, then leaves the window idle. In this example, new connections are generated in the following four cases:

(1) Case I: When the user opens IE by double-clicking its icon on My Desktop in Windows, the shell process explorer.exe (PID=1664) of Windows receives the user input, and then starts the IE process. After the domain name of the default homepage is resolved, the IE process makes a connection to it to download the homepage. This connection of IE is triggered by the user input of its parent process, explorer.exe.

(2) Case II: After the user clicks a bookmark of news.yahoo.com in the IE window, the domain name is resolved as xx.xxx.xx.xxx. Then the IE process makes a connection to it to download the HTML file. This connection is triggered by the user input of the same process.

(3) Case III: After receiving the HTML file in 4 packets, IE goes to retrieve two image files from the websites in question. IE makes connections to them after the domain
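
The cases above can be sketched as a small classifier over a process event trace. This is an added example, not code from BINDER or from the essay: the event tuple format, the 5-second window, PIDs 2000 and 3000 and the host names are assumptions (only PID 1664 for explorer.exe comes from the text), and Case III is modelled as "a connection shortly after data arrives in the same process", also an assumption because the page's description of it is cut off.

```python
WINDOW = 5.0  # seconds; assumed maximum delay between a trigger and its connection

# Constructed trace: (kind, time, pid, arg). For "spawn", arg is the child PID;
# for "connect" and "recv", arg is the remote host.
EVENTS = [
    ("input",     0.0, 1664, None),                # user double-clicks the IE icon
    ("spawn",     0.2, 1664, 2000),                # explorer.exe starts IE
    ("connect",   0.9, 2000, "homepage.example"),  # Case I
    ("input",     8.0, 2000, None),                # user clicks a bookmark in IE
    ("connect",   8.3, 2000, "news.example"),      # Case II
    ("recv",      8.9, 2000, "news.example"),      # HTML file arrives
    ("connect",   9.1, 2000, "img.example"),       # Case III
    ("spawn",    50.0, 1664, 3000),                # started with no recent user input
    ("connect", 300.0, 3000, "unknown.example"),   # nothing the user did explains this
]


def classify(events, window=WINDOW):
    """Return (host, verdict) for every connect event, in trace order."""
    trigger = {}   # pid -> (time, label) of the latest event that can justify a connection
    verdicts = []
    for kind, t, pid, arg in events:
        if kind == "input":
            trigger[pid] = (t, "own input")
        elif kind == "recv":
            trigger[pid] = (t, "data arrival")
        elif kind == "spawn":
            # The child inherits the parent's user input, keeping its original time.
            if pid in trigger and trigger[pid][1] == "own input":
                trigger[arg] = (trigger[pid][0], "parent input")
        elif kind == "connect":
            when, label = trigger.get(pid, (float("-inf"), None))
            # No trigger, or one older than the window, means the user did not intend it.
            verdicts.append((arg, label if t - when <= window else "extrusion"))
    return verdicts


if __name__ == "__main__":
    for host, verdict in classify(EVENTS):
        print(f"{host:20} {verdict}")
```

Only the last connection is reported as an extrusion: process 3000 inherits explorer.exe's input from time 0.0, which is far outside the window by the time it connects.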