New approaches to malware detection coming into view
- 26 April, 2007 13:35
Another newcomer eager to shake up the old order is Robot Genius, which is making its formal debut on April 30.
"The problem we're trying to solve is malware," says Stephen Hsu, co-founder of the company, which has 10 employees and US$2 million in venture-capital funding. "Traditional approaches rely on reactive protection methods, which protect users only after a new threat has been discovered."
By contrast, says Hsu, "We're coming up with a new kind of security client that has behavior capabilities to identify malware. And we have a Web crawler that looks at Web pages to find executables that are malware, and we will warn you, or block, when you're about to do something deemed to be unsafe."
The Robot Genius client software, called Spyberus, uses a driver-based filtering technique to monitor and track like an audit trail all installed files on a system.
Spyberus detects malware and reverse malware infections using a Take Control feature to stop malware-hijacked processes.
Robot Genius plans to make Spyberus available as a free client for Windows XP and 32-bit Vista in early May. "Spyberus can't run on 64-bit Vista because of what Microsoft did with kernel protection," says Hsu.
Robot Genius plans to release a free browser plug-in later in May. Hsu adds he's working with a "major search engine," which he declined to name, that is sharing a subset of Web crawl data it collects so Robot Genius can identify harmful executables through what is says is a largely automated method.
Hsu says the McAfee, Symantec and Trend Micro, as well as other security vendors, are working on similar methods of malware detection, and he intends to show Robot Genius will do it better.
"We have their scanning engines, and the best antivirus products only catch 60% of the malware we detect," boasts Hsu.
Robot Genius's strategy calls for licensing its technology to antivirus companies, network firewall vendors and search engines that want to block Web-based malware which is often found in online games, screen savers, toolbars and small applications dispensed over the Web.
Some search engines have already started getting aggressive about keeping malware from hitting their users. Google, for example, is a supporter of the StopBadware.org coalition, and last year started warning users about malware when search queries turned up links to sites that the coalition cites sources of "badware" deemed harmful to users.
Hsu -- a professor in theoretical physics at the University of Oregon who found earlier success selling a company he founded, SafeWeb, to Symantec -- may not be easy for the larger security vendors to dismiss.
"They've come up with some interesting technology," says Gartner Research Director Peter Firstbrook. "We see this as being in the area of the 'secure Web gateway.'"
Firstbrook says about two dozen vendors, including Websense, SurfControl and Secure Computing's SmartFilter, have all devised some method for detecting or blocking malware downloads through URLs. "The antivirus vendors also are doing things here, such as Trend Micro with its reputation services," he says.
Robot Genius has some "realistic market opportunities" but as a small start-up could be "spreading themselves pretty thin," Firstbrook says.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
Thanks a million, Drupal
Optus goes over the top with VoIP service
Turnbull asks how the NBN got that way
U.S. retailers insist on PIN requirement in smartcard rules
Yelp speeds database access with flash storage