New software: Static Analyzer for Executables (SAFE).

Discussion in 'other anti-malware software' started by Rmus, May 25, 2007.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Computer scientists set on winning the computer virus 'cold war'
    http://www.physorg.com/news99237155.html

    ____________________________________________________________________
    References:

    Originally Published in "Wisconsin Week"
    University of Wisconsin May 9, 2007, p. 7
    http://www.news.wisc.edu/wisweek/09-May-2007/images/WW05092007.pdf

    Semantics-Aware Malware Detection
    by Mihai Christodorescu, Somesh Jha, Sanjit A. Seshia, Dawn Song, Randal E. Bryant
    Proceedings of the 2005 IEEE Symposium on Security and Privacy, May 8-11, 2005
    http://mihai.christodorescu.org/pdfs/20050509 - Semantics-Aware Malware Detection.pdf

    Technical Paper on Static Analysis of Executables to Detect Malicious Patterns
    by Somesh Jha and Mihai Christodorescu
    12th USENIX Security Symposium, August 2003
    http://www.usenix.org/events/sec03/tech/full_papers/christodorescu/christodorescu_html/index.html


    __________
    -rich
     
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Interesting article Rmus and sounds good but I think that containment and deletion through sandboxing / virtualisation is a safe way to go as well.

    Quote from the first link:
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I agree, Franklin.

    I will always be suspicious of the reliability of detection solutions.
    There are just too many variables.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  4. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    I agree that sandboxing/virtualization is one of the most effective security solutions currently available. But for how long? As these apps grow in popularity, more bad guys will place them on their radar. The best weapon would be a secure by default OS that would appeal to the masses.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    This all sounds very exciting, but the question is when this tech will reach the public. I hope it won't be only hype. :rolleyes:
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well it's at least something else than re-inventing the n'th scanner, the n'th HIPS, the n'th sandbox, ... and the n'th wheel.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Anyone want to discuss:

    "Static Analyzer for Executables (SAFE)"

    :)

    -rich
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Several off topic posts removed including mine. Let's focus the discussion on the original post and discuss "Static Analyzer for Executables (SAFE)".
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Research is probably a better word than hype. It's been going on for about 4 years.

    I suppose that like a lot of research, making a working model for general use is not always easy.

    What gave me hope is that one of the project developers gave an update this month. We'll have to wait and see.

    regards,

    -rich
     
    Last edited: May 27, 2007
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Well, yes - that is refreshing.

    The only reservation I have is that:

    So, a potential weak point, when a "New behavior" virus will surface and those with SAFE will be "unsafe" until the update.

    From Signatures to Heuristics to Static Analysis - the window of opportunity for malware intrusion narrows, but still a window...

    regards,

    -rich
     
  11. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    To me this seems a lot similar to heuristics provided by AVs such as KAV.
     
  12. EASTER.2010

    EASTER.2010 Guest

    I don't feel so bad now ronjor, even you recognize when you go astray sometimes.

    Nothing more to add because this Topic is of no interest for an already well shielded system.
     