in the malware field the ideal kind of definition for a class of malware is the functional definition... essentially it is a definition that defines the class of things by what function all things in that class must perform...
for example a web browser must be able to browse the web, and anything that can't browse the web cannot be a web browser...
the reason this is the ideal kind of definition in the malware field is because it depends only on things that can be determined by examining a malware sample itself... this makes it the most objective type of definition...
by contrast some definitions depend on speculation about the intent of the malware author or about the perceptions of the user... such dependencies make for very subjective definitions, and such subjectivity leads to disagreements over whether a particular peice of malware actually belongs to the subjectively defined malware class in question...
back to index
0 comments:
Post a Comment