Most scholars think that one can use Pin tool or binary instrumentation techniques to detect malwares in the future. Unlike traditional antiviruses where scanning files is used to detect viruses, one can use tools like Pin tool to scan program's resources to detect abnormalities; thus detect malwares.
=== Utilizing System Resource Monitoring ===
Line 42:
=== Other Alternatives to Pin Tool ===
There are many other tools available to collect resource usage of running programs on the system such as [[Bell Lab]]’s strapon tool and [[Dyninst]] tool etc. [[Bell Lab]]’s tool uses the strap on technology which runs a tool to collect resources simultaneously with the program but this tool is only compatible with the programs which allow other programs to run simultaneously with them.<ref>{{Cite journal|url = |title = Building secure products and solutions. Bell Labs Technical Journal|last = Gupta|first = Chandrashekhar|date = 2007|journal = |doi = 10.1002/bltj.20247|pmid = |access-date = }}</ref>. Furthermore, [[Dyninst]] tool uses [[binary rewriting]] of the program’s executable and implementable commands inside the program to check for resource usage and is very efficient. However, it is very unstable as it is a relatively new tool and crashes on large scale programs.<ref>{{Cite journal|url = |title = Dynamic binary instrumentation and data aggregation on large scale systems|last = Lee|first = Schulz|date = 2007|journal = International Journal of Parallel Programming|doi = |pmid = |access-date = }}</ref>. Lastly, [[Intel]] Pin tool uses static binary instrumentation and runs the program as a part of itself while keeping track of all its resources.<ref>{{Cite journal|title = Analyzing Parallel Programs with PIN|url = http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=5427374|journal = Computer|date = March 2010|access-date = 2015-04-27|issn = 0018-9162|pages = 34-4134–41|volume = 43|issue = 3|doi = 10.1109/MC.2010.60|first = M.|last = Bach|first2 = M.|last2 = Charney|first3 = R.|last3 = Cohn|first4 = E.|last4 = Demikhovsky|first5 = T.|last5 = Devor|first6 = K.|last6 = Hazelwood|first7 = A.|last7 = Jaleel|first8 = Chi-Keung|last8 = Luk|first9 = G.|last9 = Lyons}}</ref>. This approach is more suitable for an antivirus as it can easily run all the processes under itself and can kill programs if they reach a maximum allocated limit as defined by the antivirus.
