New scheme creates virtual environment where malware can be detected by its behavior

Dark Reading Staff, Dark Reading

May 22, 2008

Microsoft Tuesday was awarded a patent on a new technology that may enable security applications to detect and stop malware before it enters the operating system.

In the patent, Microsoft inventor Adrian Marinescu describes a method for creating a virtualized sandbox in which the behavior of incoming executable code can be studied.

The technology would enable a software program to identify malware based on its behavior before it does any damage, rather than relying on signatures derived from malware that has already infected some systems. This approach may help mitigate the threats posed by the majority of new malware, which generally riffs on previously written code.

"The virtual operating environment confines potential malware so that the systems of the host operating environment will not be adversely effected [sic] during simulation," the patent says. "As a program is being simulated, a set of behavior signatures is generated. The collected behavior signatures are suitable for analysis to determine if the program is malware."

The patent was originally filed in 2004. Microsoft has not said when or how the technology might be deployed in its product line.

— Tim Wilson, Site Editor, Dark Reading
