Called ‘Korset’, the program has been designed to combat malware on Linux-based servers by predicting how uninfected programs should operate.
If Korset senses abnormal activity from a program, it stops the program from working before malicious actions occur.
“We modified the kernel in the system's operating system so that it monitors and tracks the behaviour of the programs installed on it,” explained Avishai Wool, who developed Korset at Tel Aviv University’s Faculty of Engineering.
“When we see a deviation, we know for sure there's something bad going on,” he said.
Most antivirus programs today catch viruses that are already in circulation, and send them to isolated computer labs for study.
It is only after a virus is identified that a software update is distributed to antivirus subscribers, leaving a window of time for cybercriminals to attack, Wool said.
As it does not require viruses to be identified before signalling infections, Korset is expected to operate more efficiently than current commercial antivirus solutions.
“Our methods are much more efficient and don't chew up the computer's resources,” he said, adding that his motive is to make the Internet a safer place, and not to commercially compete with current software manufacturers.
“There is an ongoing battle between computer security experts and the phenomenal growth of viruses and network worms flooding the Internet,” he said.
“The fundamental problem with viruses remains unsolved and is getting worse every day.”
Korset was developed with the help of Wool’s graduate student Ohad Ben-Cohen, and was presented at the Black Hat Internet security conference in Las Vegas last month.
'Korset' antivirus technique boasts no commercial strings
By Staff Writers on Sep 17, 2008 1:06PM