Thursday, March 6, 2008

Behavior-Based Malware Detection Software on the Way

NovaShield says its product will block drive-by downloads of malware through its behavior-based detection method, which would alert users that suspicious activity is occurring.

Start-up NovaShield says that in May it will release its first security product for the PC, behavior-based detection software designed to catch, quarantine and eradicate malware not ordinarily detected by signature-based antivirus products.

The Windows-based NovaShield software will recognize activity from keyloggers, Trojans, and botnets and block them from executing. NovaShield, primarily intended for consumers as it has no central management, will block drive-by downloads of malware through its behavior-based detection method, which would alert users that suspicious activity is occurring.

"In this instance, there would be an alert to the user about Web activity," says Somesh Jha, chief scientist and co-founder of NovaShield, along with CEO Praveen Sinha. "Once we flag these executables as suspicious, we block them. But we do offer the user a way to override it." Jha is also a professor of computer science at the University of Wisconsin at Madison.

Sinha says the start-up, which has nine employees and was officially founded in 2006, this month received a half million dollars in small tech business funding from the National Science Foundation, though it has also aggregated $4.7 million in angel funding from undisclosed investors.

Several antimalware vendors, including McAfee, Symantec, Trend Micro and WebSense, are also tackling the problem of drive-by downloads, and offer versions of their own signature-based and behavior-based detection.

The approach to malware detection that NovaShield is taking probably bears the most resemblance to that of behavior-based security product provider Sana Security, Jha says.

The NovaShield software monitors files, the registry, processes and events on Windows XP-based machines, using what Jha calls NovaShield's own "specification-based monitoring" to ensure secure interaction between application programs.

Pricing for the NovaShield software hasn't been announced, but once it's out in May, NovaShield plans to make a free trial version available.
