Open anti-malware analysis, or recognising the absence of the normal and the presence of the abnormal

It occurred to me this evening that most, if not all, antivirus and anti-malware solutions exist as proprietary code, and they invariably rely on one of two methods of detecting something unwanted. They use heuristics based on bad activity… ok, that’s fine but it’s no good when the malware’s author is smarter than you. Secondly, …