NovaShield, a Madison, Wisconsin-based company founded by University of Wisconsin scientists, has released a new version of its Malware detection software on Windows XP and Vista, with the aim of shifting traditional Malware scanning to signature-less protection. Whereas most AV engines and anti-Malware offerings look at what malicious software says, NovaShield offers an alternative by monitoring what malicious software does.
NovaShield offers new version of their Malware scanner. (IMG:J.Anderson)
NovaShield is behavior-based security software that watches what happens on the Kernel level of the operating system and takes aim at drive-by-downloads, Trojans, keyloggers and rootkits, as well as traditional threats such as viruses and worms.
According to the company, other anti-virus programs have focused on identifying Malware by using signatures to flag and quarantine known threats. However, research shows that the last eighteen months have seen the average size of signature databases doubling and, in some cases, tripling.
What this means to the normal home user is slow processing and sluggish computer responses. However, there has been a strong push to address the taxing resource usage caused by most Malware scanning programs, including new offerings from Symantec and McAfee.
The objective here is to rely less on signature lists and focus more on how the Malware acts. This objective is achieved by lowering the footprint a Malware scanner has on a system: small install sizes, small updates, and passive background scanning that runs at a lower priority when the CPU is being utilized by other programs.
For example, imagine trying to watch a movie when your virus scanner kicks off a scan. The movie is choppy and often stops because of the resource hog that is your scanner. Passive scanning lowers this annoyance, if not completely removes it, by scanning in smaller blocks and only when the CPU is idle.
What is interesting about NovaShield is not what it does, as there are more than a few Malware scanners on the market that monitor what a program does before flagging it as harmful and removing it. No, what is interesting is how NovaShield started.
The company was founded by University of Wisconsin scientists and funded by grants from the National Science Foundation (NSF). Aside from the NSF grants, the company supports itself by offering paid subscriptions after the initial 90-day free trial of the NovaShield AntiMalware product. A company that was founded with science and funded by science grants might offer something positive down the line when it comes to personal computer protection.
“PC security experts have been talking about the problems with traditional anti-virus technologies for years,” said Dr. Somesh Jha, co-founder and chief scientist at NovaShield. “Our approach is well designed to supplement the protection afforded by current signature-scanning anti-virus programs while preventing emerging threats from taking root and stealing private information such as social security numbers, passwords, and credit card transactions.”
NovaShield AntiMalware approaches Malware detection through a unique form of behavior-based threat detection called specification-based monitoring. Whereas traditional signature-based anti-virus solutions rely on hundreds of thousands of policies to detect potential threats, and also require an average 19-day window of exposure before a new infection can be detected, removed and blocked, NovaShield AntiMalware’s underlying Secure Activity Filtering Engine (SAFE) technology employs fewer than a dozen generalized policies that identify malicious activities in real-time.
"For example, [the] following is a sequence of events that will be identified as malicious: a malware first makes a copy of itself, and then changes the system settings (e.g., Windows’ registry) so that when the computer is restarted the copy will be automatically started, and finally deletes itself (the original program). Our system will be able to capture and identify this sequence of events, mark the copied file as malicious, and also undo the changes made by the malware. Another example would be when a malware tries to steal sensitive data from a user by monitoring key strokes the user has entered. In this case, we will mark the malware as malicious, and stop it from capturing key strokes," Dr. Somesh Jha explained to The Tech Herald.
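The first sequence Dr. Jha describes can be written as a single behavior policy over a stream of process events. The sketch below is an added example, not NovaShield's code; the event field names, the paths and the `detect_copy_persist_delete` function are assumptions made for illustration.

```python
from dataclasses import dataclass, field

AUTORUN_MARKER = r"\currentversion\run"   # matches Run and RunOnce keys

@dataclass
class ProcState:
    copies: set = field(default_factory=set)       # paths this image copied itself to
    autoruns: dict = field(default_factory=dict)   # autorun key -> copy it launches

def detect_copy_persist_delete(events):
    """Flag self-copy -> autorun for the copy -> self-delete, in that order."""
    state, findings = {}, []
    for e in events:
        image = e["image"].lower()
        st = state.setdefault((e["pid"], image), ProcState())
        if e["op"] == "file_copy" and e["src"].lower() == image:
            st.copies.add(e["dst"].lower())
        elif e["op"] == "reg_set" and AUTORUN_MARKER in e["key"].lower():
            for copy in st.copies:
                if copy in e["value"].lower():
                    st.autoruns[e["key"]] = copy
        elif e["op"] == "file_delete" and e["path"].lower() == image and st.autoruns:
            findings.append({"pid": e["pid"],
                             "flag_files": sorted(set(st.autoruns.values())),
                             "revert_keys": sorted(st.autoruns)})
    return findings

def ev(pid, image, op, **fields):
    return {"pid": pid, "image": image, "op": op, **fields}

# Constructed sample events; the fields are assumptions, not NovaShield's format.
SETUP, SAMPLE = r"C:\Temp\setup.exe", r"C:\Users\a\Downloads\sample.exe"
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_EVENTS = [
    # Installer: sets an autorun for a file that is not a copy of itself.
    ev(1200, SETUP, "file_copy", src=r"C:\Temp\app.bin", dst=r"C:\Apps\app.exe"),
    ev(1200, SETUP, "reg_set", key=RUN + r"\App", value=r"C:\Apps\app.exe"),
    ev(1200, SETUP, "file_delete", path=SETUP),
    # Full sequence from the quote: self-copy, autorun for the copy, self-delete.
    ev(3344, SAMPLE, "file_copy", src=SAMPLE, dst=r"C:\Windows\Temp\copy.exe"),
    ev(3344, SAMPLE, "reg_set", key=RUN + r"\Updater", value=r'"C:\Windows\Temp\copy.exe" /s'),
    ev(3344, SAMPLE, "file_delete", path=SAMPLE),
    # Self-delete with no earlier self-copy or autorun entry: not flagged.
    ev(4100, r"C:\Temp\cleanup.exe", "file_delete", path=r"C:\Temp\cleanup.exe"),
]

if __name__ == "__main__":
    for finding in detect_copy_persist_delete(SAMPLE_EVENTS):
        print(finding)
```

Each finding names the copied file to mark as malicious and the registry values to revert, mirroring the "mark" and "undo" steps in the quote; the installer is not flagged because the file it registers is not a copy of its own image.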
The newest version of the NovaShield AntiMalware application is 2.0, which improves on some of the technology used in previous editions. Some of the advancements listed include: enhanced Kernel modules; a faster Policy engine that analyzes activities captured by the Kernel modules and detects malicious activities associated with Malware; stronger whitelisting for applications or processes that were falsely tagged as malicious; and faster remediation processes for malicious activities.
You can get the 90-day trial at www.novashield.com; however, once that expires, the program will need to be purchased -- the software's final price is unknown at the time of posting. Also, this is not something to use to replace your normal virus or Malware protection; AntiMalware is designed as an additional layer of protection for your home computer.