Comment Re:fundamental difference of examination (Score 1) 81
That is indeed what it is. "What they do" vs "how they do it". There is also "why they do it".
"What they do" is very easy to measure using a piece of monitoring software that looks at behavioral characteristics. "How they do it" is also concievable, such as if we take a look at if it is using DirectX to do these calls, and we can identify it as a game.
But "why they do it" is difficult, if not nearly imposible to quanitfy using automatic detection methodologies. And that's why there are malware analysts.
"What they do" is very easy to measure using a piece of monitoring software that looks at behavioral characteristics. "How they do it" is also concievable, such as if we take a look at if it is using DirectX to do these calls, and we can identify it as a game.
But "why they do it" is difficult, if not nearly imposible to quanitfy using automatic detection methodologies. And that's why there are malware analysts.
