{"id":616,"date":"2013-02-27T04:38:05","date_gmt":"2013-02-27T04:38:05","guid":{"rendered":"http:\/\/e-olio.com\/cknow\/cms\/?p=616"},"modified":"2013-05-08T15:42:58","modified_gmt":"2013-05-08T22:42:58","slug":"interception","status":"publish","type":"post","link":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html","title":{"rendered":"Interception"},"content":{"rendered":"<p><div class=\"simplePullQuote right\"><p><strong>Monitoring for system-level routines that perform destructive acts can help, but such monitoring is fairly easily bypassed. Do not depend on it alone.<\/strong><\/p>\n<\/div>Interceptors (also known as resident monitors) are particularly useful for deflecting <a href=\"https:\/\/www.cknow.com\/cms\/vtutor\/logic-bombs.html\">logic bombs<\/a> and <a href=\"https:\/\/www.cknow.com\/cms\/vtutor\/trojans.html\">Trojans<\/a>. The interceptor monitors operating system requests that write to disk or do other things that the program considers threatening (such as installing itself as a resident program). If it finds such a request, the interceptor generally pops up and asks you if you want to allow the request to continue. There is, however, no reliable way to intercept direct branches into low level code or to intercept direct input and output instructions done by the virus itself. Some viruses even manage to disable the monitoring program itself. Indeed, for one widely-distributed anti-virus program several years back it only took eight bytes of code to turn its monitoring functions off.<\/p>\n<p>It is important to realize that monitoring and interception is a risky technique. 
Some products that use this technique are so annoying to use (due to their frequent messages popping up) that some users consider the cure worse than the disease!<\/p>\n<h4>Summary<\/h4>\n<ul>\n<li>Interceptors are useful for some simple logic bombs and Trojans.<\/li>\n<li>It would be unwise to depend entirely upon behavior monitors as they are easily bypassed.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Interceptors (also known as resident monitors) are particularly useful for deflecting logic bombs and Trojans. The interceptor monitors operating system requests that write to disk or do other things that the program considers threatening (such as installing itself as a resident program). If it finds such a request, the interceptor generally pops up and asks [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-616","post","type-post","status-publish","format-standard","hentry","category-vtutor","entry"],"yoast_head_json":{"title":"Interception - C-Know Media","description":"Interception of system-level routines that perform destructive acts can help, but such monitoring is fairly easily bypassed. Do not depend on it alone.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html","og_locale":"en_US","og_type":"article","og_title":"Interception - C-Know Media","og_description":"Interception of system-level routines that perform destructive acts can help, but such monitoring is fairly easily bypassed. 
Do not depend on it alone.","og_url":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html","og_site_name":"C-Know Media","article_published_time":"2013-02-27T04:38:05+00:00","article_modified_time":"2013-05-08T22:42:58+00:00","og_image":[{"url":"https:\/\/www.cknow.com\/cms\/wp-content\/uploads\/2013\/02\/arrow_up.png","type":"","width":"","height":""}],"author":"DaBoss","twitter_misc":{"Written by":"DaBoss","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html#article","isPartOf":{"@id":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html"},"author":{"name":"DaBoss","@id":"https:\/\/www.cknow.com\/cms\/#\/schema\/person\/47944007814fe46e32a1ebee5954638f"},"headline":"Interception","datePublished":"2013-02-27T04:38:05+00:00","dateModified":"2013-05-08T22:42:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html"},"wordCount":225,"image":{"@id":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html#primaryimage"},"thumbnailUrl":"https:\/\/www.cknow.com\/cms\/wp-content\/uploads\/2013\/02\/arrow_up.png","articleSection":["VTutor"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html","url":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html","name":"Interception - C-Know Media","isPartOf":{"@id":"https:\/\/www.cknow.com\/cms\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html#primaryimage"},"image":{"@id":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html#primaryimage"},"thumbnailUrl":"https:\/\/www.cknow.com\/cms\/wp-content\/uploads\/2013\/02\/arrow_up.png","datePublished":"2013-02-27T04:38:05+00:00","dateModified":"2013-05-08T22:42:58+00:00","author":{"@id":"https:\/\/www.cknow.com\/cms\/#\/schema\/person\/47944007814fe46e32a1ebee5954638f"},"description":"Interception of system-level routines that 
perform destructive acts can help, but such monitoring is fairly easily bypassed. Do not depend on it alone.","breadcrumb":{"@id":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cknow.com\/cms\/vtutor\/interception.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html#primaryimage","url":"https:\/\/www.cknow.com\/cms\/wp-content\/uploads\/2013\/02\/arrow_up.png","contentUrl":"https:\/\/www.cknow.com\/cms\/wp-content\/uploads\/2013\/02\/arrow_up.png","width":16,"height":16,"caption":"Up Arrow"},{"@type":"BreadcrumbList","@id":"https:\/\/www.cknow.com\/cms\/vtutor\/interception.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cknow.com\/cms\/"},{"@type":"ListItem","position":2,"name":"Interception"}]},{"@type":"WebSite","@id":"https:\/\/www.cknow.com\/cms\/#website","url":"https:\/\/www.cknow.com\/cms\/","name":"C-Know Media","description":"Fun media for 
all","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cknow.com\/cms\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.cknow.com\/cms\/#\/schema\/person\/47944007814fe46e32a1ebee5954638f","name":"DaBoss","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d4ba3f829b22682345f1dec9f43e839d822e1b4c570d7ce15475db8b4d5ce111?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d4ba3f829b22682345f1dec9f43e839d822e1b4c570d7ce15475db8b4d5ce111?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d4ba3f829b22682345f1dec9f43e839d822e1b4c570d7ce15475db8b4d5ce111?s=96&d=mm&r=g","caption":"DaBoss"},"url":"https:\/\/www.cknow.com\/cms\/author\/daboss-2"}]}},"_links":{"self":[{"href":"https:\/\/www.cknow.com\/cms\/wp-json\/wp\/v2\/posts\/616","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cknow.com\/cms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cknow.com\/cms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cknow.com\/cms\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cknow.com\/cms\/wp-json\/wp\/v2\/comments?post=616"}],"version-history":[{"count":0,"href":"https:\/\/www.cknow.com\/cms\/wp-json\/wp\/v2\/posts\/616\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.cknow.com\/cms\/wp-json\/wp\/v2\/media?parent=616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cknow.com\/cms\/wp-json\/wp\/v2\/categories?post=616"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cknow.com\/cms\/wp-json\/wp\/v2\/tags?post=616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}