Abstract
The invention is concerned with detecting unauthorised programs stored on a computer system, in particular steganographic programs (programs capable of introducing hidden data). Signatures of the programs of interest are obtained, with each signature consisting of at least a part of a program, for example, the initial 500 bytes of an important file in a steganographic program, such as a .EXE or .DLL file taken from the program's core kernel. Each signature is compared with files on the computer system, with the exception of files on a prearranged exclusion list. If a signature is found to match data in a file, the filename, the finding of steganography in it, the file location and the matched signature may be recorded for output to a system user. Files compared with the signatures may include logical wastebasket files, deleted files, compressed files, executable files and polymorphic files.
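The scan described in the abstract, as an added sketch that is not code from the patent: it covers ordinary files and ZIP-compressed files only, and every name in it (`make_signature`, `blobs`, `scan`, `demo`, the signature label and the sample files) is hypothetical, with constructed sample data standing in for a real program.

```python
import io, os, tempfile, zipfile

SIG_LEN = 500  # the abstract's example: initial 500 bytes of a core program file

def make_signature(program_bytes, length=SIG_LEN):
    return program_bytes[:length]

def blobs(path):
    """Yield (member, data) for the file itself and, if it is a ZIP, each member."""
    with open(path, "rb") as f:
        raw = f.read()  # whole-file read keeps the sketch short; chunk large files
    yield "", raw
    if zipfile.is_zipfile(io.BytesIO(raw)):
        with zipfile.ZipFile(io.BytesIO(raw)) as z:
            for member in z.namelist():
                yield member, z.read(member)  # compare against decompressed data

def scan(root, signatures, exclusions=()):
    """Compare every signature with every file under root, skipping the exclusion list."""
    skip = {os.path.realpath(p) for p in exclusions}
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.realpath(os.path.join(dirpath, name))
            if path in skip:
                continue
            for member, data in blobs(path):
                for sig_name, sig in signatures.items():
                    if sig and sig in data:  # match anywhere in the file's data
                        findings.append({"filename": name, "location": dirpath,
                                         "member": member, "signature": sig_name})
    return findings

def demo():
    # Constructed stand-in for a program file; these are not a real tool's bytes.
    program = bytes((i * 7 + 3) % 256 for i in range(800))
    sigs = {"example-steg-tool": make_signature(program)}
    root = tempfile.mkdtemp()
    def put(name, data):
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
        return os.path.join(root, name)
    put("holiday.dat", program)                   # renamed copy of the program
    put("report.txt", b"quarterly figures\n")     # unrelated file
    allowed = put("approved_copy.exe", program)   # placed on the exclusion list
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("tools/run.exe", program)      # copy hidden inside an archive
    put("backup.zip", buf.getvalue())
    return scan(root, sigs, exclusions=[allowed])
```

Each finding carries the filename, its location and the matched signature, the fields the abstract lists for output to the user; `member` is an extra field naming the archive entry when the match was inside a ZIP.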