New software: Static Analyzer for Executables (SAFE).

Computer scientists set on winning the computer virus 'cold war'
http://www.physorg.com/news99237155.html

____________________________________________________________________
References:

Originally Published in "Wisconsin Week"
University of Wisconsin May 9, 2007, p. 7
http://www.news.wisc.edu/wisweek/09-May-2007/images/WW05092007.pdf

Semantics-Aware Malware Detection
by Mihai Christodorescu, Somesh Jha, Sanjit A. Seshia, Dawn Song, Randal E. Bryant
Proceedings of the 2005 IEEE Symposium on Security and Privacy, May 8-11, 2005
http://mihai.christodorescu.org/pdfs/20050509 - Semantics-Aware Malware Detection.pdf

Technical Paper on Static Analysis of Executables to Detect Malicious Patterns
by Somesh Jha and Mihai Christodorescu
12th USENIX Security Symposium, August 2003
http://www.usenix.org/events/sec03/tech/full_papers/christodorescu/christodorescu_html/index.html


__________
-rich

 

Interesting article Rmus and sounds good but I think that containment and deletion through sandboxing / virtualisation is a safe way to go as well.

Quote from the first link:

 

I agree, Franklin.

I will always be suspicious of the reliability of detection solutions.
There are just too many variables.

regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

I agree that sandboxing/ virtualization is one of the most effective security solutions currently available. But for how long? As these apps grow in popularity, more bad guys will place them on their radar. The best weapon would be a secure by default OS that would appeal to the masses.

 

This all sounds very exciting, but the question is when this tech will reach the public. I hope it won´t be only hype.

 

Well it's at least something else than re-inventing the n'th scanner, the n'th HIPS, the n'th sandbox, ... and the n'th wheel.

 

Anyone want to discuss:

"Static Analyzer for Executables (SAFE)"



-rich

 

Research is probably a better word than hype. It's been going on for about 4 years.

I suppose that like a lot of research, making a working model for general use is not always easy.

What gave me hope is that one of the project developers gave an update this month. We'll have to wait and see.

regards,

-rich

 

Well, yes - that is refreshing.

The only reservation I have is that:

So, a potential weak point, when a "New behavior" virus will surface and those with SAFE will be "unsafe" until the update.

From Signatures to Heuristics to Static Analysis - the window of opportunity for malware intrusion narrows, but still a window...

regards,

-rich

 

To me this seems a lot similiar to heuristics provided by AVs such as KAV.

 

I don't feel so bad now ronjor, even you recognize when you go astray sometime.

Nothing more to add because this Topic is of no interest for an already well shielded system.