Detection still requires a scanner (Score 1)
After reading the article a couple of times, it seems that this is a tool that needs to be coupled with a scanner. This is a method that determines that malware is trying to disguise itself or interfere with a scanner. Therefore a simple attack method would be to be a normal program and not try to disguise itself. The only way it could be detected would be for a scanner to already have a signature for that malware program. Hence this is a tool that should be incorporated in already existing anti-malware programs and not a standalone detector.
Do I understand this correctly? And if so, I am underwhelmed. I need a tool that can detect zero-day attacks and this does not seem to be that.
Julian