Microsoft Tuesday was awarded a patent on a new technology that may enable security applications to detect and stop malware before it enters the operating system.
In the patent, Microsoft inventor Adrian Marinescu describes a method for creating a virtualized sandbox in which the behavior of incoming executable code can be studied.
The technology would enable a software program to identify malware based on its behavior before it does any damage, rather than relying on post-infection signatures of malware that has already infected some systems. This approach may help mitigate the threats posed by the majority of new malware, which generally riffs on previously-written code.
"The virtual operating environment confines potential malware so that the systems of the host operating environment will not be adversely effected [sic] during simulation," the patent says. "As a program is being simulated, a set of behavior signatures is generated. The collected behavior signatures are suitable for analysis to determine if the program is malware."
The patent was originally filed in 2004. Microsoft has not said when or how the technology might be deployed in its product line.
Tim Wilson, Site Editor, Dark Reading