WiredWX Hobby Weather Tools
Software to put an end to all AV's?

Tel Aviv (Israel) - Professor Avishai Wool and graduate student Ohad Ben-Cohen of Tel Aviv University (TAU) have developed an approach to battle computer viruses that may put an end to anti-virus software. The approach is so revolutionary and simple that the days of our machines being slowed to a crawl while every file is checked may soon be a thing of the past.

Today's anti-virus software programs work by intensively employing hardware features present on all modern-day 80386 and later computer chips. These features isolate memory from other programs, allowing secure software (the anti-virus software) to examine memory and programs before they are launched. This works well to identify known viruses; however, it often takes a big toll on the processor and mandates that the launching application be halted until its executable code and data can be examined for all known viruses. This often results in extremely slow load times and what appears to the user to be really annoying response times and lags. Wool's invention may finally put an end to that.

Even with the most up-to-date virus database definition files available, there is almost always a lag time between new viruses found in the wild and the implementation of the fix by vigilant anti-virus groups like McAfee and Norton. That delay may only be a day or two, but if the virus infects your computer or network server, what does that mean to you? That day might as well be an eternity if significant enough data or system resources are compromised.

This new approach is called "Korset," and requires a recompile of the operating system's kernel to include some watches or keys that look at the way the machine is set up to run software. Basically, his invention examines how a normal machine operates. And whenever the kernel identifies patterns of internal software use that do not look like the normal operations of the machine, it halts the system until the cause can be examined.

Now this examination of how a normal machine operates is given in very high-level terms for explanation. It doesn't mean that if a new software program is installed Wool's invention will prevent you from using it. But what it does do is look at some of the internal patterns that installed software is known to use. For example, when many programs are launched they will access certain registry keys to determine where the window should be situated, what custom controls have been added or moved around, etc. This is a normal activity for an application. If, however, it suddenly begins accessing the Internet, the kernel could identify that as new behavior.

In the case of a virus, that would mean that a malicious application could be contained before any damage is done. “When we see a deviation, we know for sure there’s something bad going on,” Wool explains. In short: Whereas no anti-virus attempts can truly stop every possible virus, Wool's invention can provide network servers, mail servers and other user machines with a way to immediately identify system changes which would indicate the presence of a virus.

Wool's basic findings were originally published in 2006. However, as they gain more and more acceptance by the computing communities, and since he has now released an open source application for Linux, the recognition and strength of his findings may be realized.

Source:
http://www.tgdaily.com/content/view/39262/108/
===

I'd actually like to try this on an infected VM when/if it gets released. Please (puppy eyes)
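The behaviour profile the article describes (a program's normal pattern of internal operations, with any deviation flagged) can be sketched as a per-program allowlist. This is an added illustration, not Korset's code: the program names, actions and traces are constructed, and the profile is a simple action/transition allowlist rather than whatever model the real system uses.

```python
from collections import defaultdict

# Constructed baseline trace of (program, action) events recorded while the
# machine runs normally. Names and actions are illustrative placeholders.
BASELINE = [
    ("editor", "open_config"), ("editor", "read_registry"),
    ("editor", "create_window"), ("editor", "write_file"),
    ("editor", "open_config"), ("editor", "read_registry"),
    ("editor", "create_window"), ("editor", "read_file"),
    ("mailer", "read_registry"), ("mailer", "connect_network"),
    ("mailer", "read_file"),
]

def build_profile(trace):
    """Learn, per program, the set of actions seen and the set of
    consecutive action pairs (transitions) seen in the baseline."""
    actions = defaultdict(set)
    transitions = defaultdict(set)
    last = {}
    for prog, act in trace:
        actions[prog].add(act)
        if prog in last:
            transitions[prog].add((last[prog], act))
        last[prog] = act
    return {"actions": dict(actions), "transitions": dict(transitions)}

def check_trace(profile, trace):
    """Walk a new trace and collect every deviation from the profile:
    an unknown program, an action the program never used, or a
    transition never seen. Returns a list of (program, reason, index)."""
    deviations = []
    last = {}
    for i, (prog, act) in enumerate(trace):
        known = profile["actions"].get(prog)
        seen = profile["transitions"].get(prog, set())
        if known is None:
            deviations.append((prog, "unknown program", i))
        elif act not in known:
            deviations.append((prog, f"new action {act}", i))
        elif prog in last and (last[prog], act) not in seen:
            deviations.append((prog, f"new transition {last[prog]}->{act}", i))
        last[prog] = act
    return deviations

PROFILE = build_profile(BASELINE)
# Constructed traces: the editor suddenly talks to the network in NEW_TRACE,
# which is the "new behavior" the article says the kernel would flag.
NEW_TRACE = [("editor", "open_config"), ("editor", "read_registry"),
             ("editor", "connect_network"), ("mailer", "read_registry"),
             ("mailer", "connect_network")]
BENIGN_TRACE = [("editor", "open_config"), ("editor", "read_registry"),
                ("editor", "create_window"), ("editor", "read_file")]
```

Calling `check_trace(PROFILE, NEW_TRACE)` reports the editor's network access, while the benign trace yields no deviations.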

Re: Software to put an end to all AV's?

This is interesting... Can't wait to check it out.

Re: Software to put an end to all AV's?

sounds cool. it might change everything...

Re: Software to put an end to all AV's?

Must tell me what you think when you check it out...

Re: Software to put an end to all AV's?

Core level protection? Nothing new here...
