Conclusion
Malicious programs can be treacherous and complicated. They will do their
best to be invisible and seem as innocent as possible. Educating end users on
how these programs work and what to watch out for is critical, but it’s not
enough. Developers of applications and operating systems must constantly
improve the way these programs handle untrusted code and convincingly
convey to the users the fact that they simply shouldn’t let an unknown program
run on their system unless there’s an excellent reason to do so.
In this chapter, you have learned a bit about malicious programs, how they
work, and how they hide themselves from antivirus scanners. You also dissected
a very typical real-world malicious program and analyzed its behavior,
to gain a general idea of how these programs operate and what type of damage
they inflict on infected systems.
Granted, most people wouldn’t ever need to actually reverse engineer a
malicious program. The developers of antivirus and other security software do
an excellent job, and all that is necessary is to install the right security products
and properly configure systems and networks for maximum security. Still,
reversing malware can be seen as an excellent exercise in reverse engineering
and as a solid introduction to malicious software.