Computer scientists set on winning the computer virus 'cold war'

May 24, 2007

First came the virus. Then came the antivirus software. Ever since, virus programmers have been escalating their technology, trying to stay one step ahead of the computer security engineers and vice versa.

"Essentially, this is an arms race," says Somesh Jha, an associate professor of computer science at the University of Wisconsin-Madison. Jha and graduate student Mihai Christodorescu have taken the next step in that proliferation.

In collaboration with computer scientists at the University of California-Berkeley and Carnegie Mellon University, the two UW-Madison researchers have developed new software called the Static Analyzer for Executables (SAFE).

SAFE targets viruses, spyware and other malicious programs - called malware - based on their behavior. Commercial virus scanners, such as those from McAfee and Symantec, search programs for specific patterns, or signatures. They read through programs like a computer might search a document for a specific word. SAFE would not only pick up that one word, but would spot all of its synonyms as well.

SAFE examines the behavior of a program without running it. Then it compares the behavior with a list of suspicious behaviors, such as reading an address book and sending e-mails. The programs that perform suspicious behaviors are considered malware.

The traditional signature-based method leaves an opening for virus programmers to disguise the virus and render the commercial scanners useless. Each disguised variant has a unique signature that must be distributed. Right now, most virus scanners recommend downloading updates weekly, but more frequent updates may become necessary, Jha says.
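The contrast between pattern matching and behavior matching can be shown with a much-simplified sketch. This is an added example, not SAFE's code: the instruction listings, the API names and the behavior table are all constructed for illustration, and real tools work on disassembled executables rather than text lines.

```python
# Constructed toy listings: each string stands for one disassembled instruction.
ORIGINAL = ["call read_address_book", "mov r1, r0", "call send_email"]
# Same behavior, disguised: junk instructions, another register,
# and equivalent (hypothetical) API names.
VARIANT = ["nop", "call enum_contacts", "mov r7, r0", "nop",
           "add r3, 0", "call smtp_submit"]
BENIGN = ["call read_address_book", "call show_window"]
REVERSED = ["call send_email", "call read_address_book"]

# What a pattern scanner stores: the exact text of the original.
SIGNATURE = "\n".join(ORIGINAL)

# Hypothetical table mapping API names to a behavior class (the "synonyms").
BEHAVIOR_OF = {
    "read_address_book": "READ_CONTACTS",
    "enum_contacts": "READ_CONTACTS",
    "send_email": "SEND_MAIL",
    "smtp_submit": "SEND_MAIL",
}
# Suspicious behaviors, each an ordered list of behavior classes.
SUSPICIOUS = [["READ_CONTACTS", "SEND_MAIL"]]


def signature_match(listing):
    """Signature scan: look for the stored pattern verbatim."""
    return SIGNATURE in "\n".join(listing)


def behaviors(listing):
    """Abstract a listing into ordered behavior events without running it."""
    events = []
    for line in listing:
        op, _, arg = line.partition(" ")
        if op == "call" and arg.strip() in BEHAVIOR_OF:
            events.append(BEHAVIOR_OF[arg.strip()])
    return events


def behavior_match(listing):
    """True if any suspicious behavior occurs as an ordered subsequence."""
    events = behaviors(listing)
    for pattern in SUSPICIOUS:
        remaining = iter(events)  # consumed left to right, so order matters
        if all(step in remaining for step in pattern):
            return True
    return False
```

The signature scan flags only `ORIGINAL`, while the behavior check flags both `ORIGINAL` and `VARIANT` and leaves `BENIGN` and `REVERSED` alone.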

"I don't think the approaches currently being used by commercial companies are going to be sustainable," Jha says.

SAFE requires updates only when viruses exhibit new behavior. It is proactive, rather than reactive.

"This is the next generation in malware detection," Jha adds.

Jha and Christodorescu began working on SAFE when they tested variations of four viruses on Norton and McAfee antivirus scanners and found that only the original variation of each virus was caught. SAFE caught all variations.

SAFE's advantages are not limited to convenience and sustainability. Programmers are beginning to write viruses that change every time they get sent to another computer. These transformations are written directly into the code, and can create infinite variations of the virus.

"[Attackers] are already becoming very sophisticated. They are using on-the-fly evasion techniques," Jha says. "As they use more sophisticated things to hide their malware, your detection has to become better and better."

Source: University of Wisconsin-Madison

