NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0185 Next-Generation Virus Detection:


First came the virus. Then came the antivirus software. Ever since, virus programmers have been escalating their technology, trying to stay one step ahead of the computer security engineers, and vice versa. Now researchers at the University of Wisconsin-Madison have taken the next step in that battle. In collaboration with computer scientists at the University of California-Berkeley and Carnegie Mellon University, the two UW-Madison researchers have developed new software called the Static Analyzer for Executables (SAFE).

SAFE targets viruses, spyware, and other malicious programs based on their behavior. Commercial virus scanners, such as McAfee and Symantec, search programs for specific patterns (signatures). They read through programs the way a computer might search a document for a specific word. SAFE would not only pick up that one word, but would spot all of its synonyms as well. SAFE examines the behavior of a program without running it. It then checks that behavior for suspicious actions, such as reading an address book and sending emails. Programs that perform suspicious behaviors are considered malware.

SAFE requires updates only when viruses exhibit new behaviors. It is proactive, rather than reactive. The researchers began working on SAFE when they tested variations of four viruses on Norton and McAfee antivirus scanners and found that only the ORIGINAL variation of each virus was caught, while SAFE caught all variations.

(University of Wisconsin-Madison 24MAY07)
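
The contrast described above between signature search and behavior checking, as an added illustration that is not SAFE's code or algorithm. The toy instruction format, the sample programs and every name below are constructed for this example, and the check assumes straight-line code with no branches.

```python
# Added illustration: toy instruction format and all names are constructed.
ORIGINAL = [                      # the known sample a signature was cut from
    "call read_address_book -> r1",
    "call send_email r1",
]
VARIANT = [                       # same behavior, different text
    "nop",
    "call read_address_book -> r7",
    "mov r3, r7",
    "nop",
    "call send_email r3",
]
BENIGN = [                        # reads the address book but only displays it
    "call read_address_book -> r1",
    "call show_window r1",
]

SIGNATURE = "\n".join(ORIGINAL)   # exact text of the known sample


def signature_match(program):
    """Signature scanner: look for the known sample's exact text."""
    return SIGNATURE in "\n".join(program)


def behavior_match(program):
    """Static check, never runs the program: does address-book data reach send_email?"""
    holds_contacts = set()        # registers currently holding address-book data
    for ins in program:
        op, _, rest = ins.partition(" ")
        if op == "mov":           # "mov dst, src": a copy carries the data along
            dst, src = [part.strip() for part in rest.split(",")]
            if src in holds_contacts:
                holds_contacts.add(dst)
            else:
                holds_contacts.discard(dst)
        elif op == "call":
            name, _, args = rest.partition(" ")
            if name == "read_address_book":
                holds_contacts.add(args.replace("->", "").strip())
            elif name == "send_email" and args.strip() in holds_contacts:
                return True
        # "nop" and unrecognized instructions do not change the tracked state
    return False


def scan(program):
    """Return both verdicts side by side for one program."""
    return {"signature": signature_match(program), "behavior": behavior_match(program)}
```

Calling `scan(VARIANT)` shows the signature check missing a sample that the behavior check still flags, while `scan(BENIGN)` is clean under both.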



Last Modified: Wednesday, 30-May-2007 00:46:50 EDT