Frank Stajano: You spoke about establishing a malware-free state. If I give you a bit string, which basically is a dump of all the memory that you're interested in, are you able to detect whether it contains malware? Any possible known or unknown malware? Do you assume you have that capability or not? Reply: Well, no, it's not easy to figure out whether the memory dump contains malware. Your question is also interesting because a binary program in the memory dump can have different behaviors on different systems1; e.g., it can be a perfectly good program on one and malware on another.
展开▼
