Submission: Watching Virus Behavior Far Better Than Signatures

davecb writes: A prototype anti-virus system developed at the University of Michigan uses the "fingerprint" of virus activity to more effectively identify viruses. The system obtains such fingerprints by intentionally infecting a quarantined computer with viruses. Conventional anti-virus software monitors systems for suspicious activity and then tries to determine the source by checking for virus signatures, which makes it difficult to spot new pieces of malware and track different variations.

The University of Michigan team studied the files and processes malware created and modified on an infected computer, and developed software that uses the information gathered to identify malware. The prototype is capable of defining clusters of malware that operate in similar ways, and can create a kind of family tree that illustrates how superficially different programs have similar methods of operation. In tests on the same software, the prototype was able to identify at least 10 percent more of the sample than five leading anti-virus programs. The prototype also always correctly connected different pieces of malware that operate similarly, while the best anti-virus program was only able to identify 68 percent of such links. (Courtesy of ACM Technews)
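
The behavior-based grouping described in the submission, as an added example that is not part of the submission and is not the Michigan team's software. The page does not say which similarity measure or clustering method the prototype uses, so Jaccard distance, average linkage, the 0.5 threshold, and all sample names and profiles below are assumptions constructed for illustration.

```python
from itertools import combinations

# Constructed behavior profiles: each sample is reduced to the set of files
# and processes it created or modified during a quarantined run. The two
# "dropper" samples and the two "mailer" samples stand in for variants that
# a byte signature would treat as unrelated binaries.
PROFILES = {
    "dropper_v1": {"file:temp/upd.exe", "file:etc/hosts", "proc:upd.exe", "proc:cmd.exe"},
    "dropper_v2": {"file:temp/upd.exe", "file:etc/hosts", "proc:upd.exe", "proc:cmd.exe",
                   "file:temp/upd.log"},
    "mailer_a": {"file:appdata/addr.dat", "file:temp/queue.tmp", "proc:smtp_send.exe"},
    "mailer_b": {"file:appdata/addr.dat", "file:temp/queue.tmp", "proc:smtp_send.exe",
                 "proc:cmd.exe"},
}

def jaccard_distance(a, b):
    """0.0 for identical behavior sets, 1.0 for sets with nothing in common."""
    union = a | b
    return 1.0 - len(a & b) / len(union) if union else 0.0

def average_linkage(c1, c2, profiles):
    """Mean pairwise distance between the members of two clusters."""
    dists = [jaccard_distance(profiles[x], profiles[y]) for x in c1 for y in c2]
    return sum(dists) / len(dists)

def cluster_by_behavior(profiles, threshold=0.5):
    """Agglomerative clustering; returns (clusters, merge_history).

    merge_history lists each merge in order, which is the "family tree":
    earlier merges join the most behaviorally similar samples.
    """
    clusters = [frozenset([name]) for name in sorted(profiles)]
    history = []
    while len(clusters) > 1:
        dist, c1, c2 = min(
            ((average_linkage(a, b, profiles), a, b) for a, b in combinations(clusters, 2)),
            key=lambda t: t[0],
        )
        if dist > threshold:  # remaining groups behave too differently to link
            break
        clusters = [c for c in clusters if c not in (c1, c2)] + [c1 | c2]
        history.append((sorted(c1), sorted(c2), round(dist, 3)))
    return sorted(sorted(c) for c in clusters), history

if __name__ == "__main__":
    families, tree = cluster_by_behavior(PROFILES)
    print("families:", families)
    for left, right, dist in tree:
        print(f"merge {left} + {right} at distance {dist}")
```
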