New scheme creates virtual environment where malware can be detected by its behavior
Microsoft on Tuesday was awarded a patent on a new technology that may enable security applications to detect and stop malware before it enters the operating system.
In the patent, Microsoft inventor Adrian Marinescu describes a method for creating a virtualized sandbox in which the behavior of incoming executable code can be studied.
The technology would enable a software program to identify malware based on its behavior before it does any damage, rather than relying on signatures taken from malware that has already infected some systems. This approach may help mitigate the threats posed by the majority of new malware, which generally riffs on previously written code.
"The virtual operating environment confines potential malware so that the systems of the host operating environment will not be adversely effected [sic] during simulation," the patent says. "As a program is being simulated, a set of behavior signatures is generated. The collected behavior signatures are suitable for analysis to determine if the program is malware."
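A minimal sketch of the analysis step the patent text describes, added here as an illustration and not taken from the patent or from any Microsoft code: it turns a trace recorded during simulation into behavior signatures and scores them. The event names, rules, weights, threshold and both traces are assumptions constructed for the example.

```python
from collections import namedtuple

# One operation the virtual environment saw the program attempt.
# Action names are hypothetical, not taken from the patent.
Event = namedtuple("Event", "action target")

def _targets(trace, action):
    """Lower-cased targets of every event of the given action."""
    return [e.target.lower() for e in trace if e.action == action]

# Each rule inspects the whole trace and reports one behavior signature.
RULES = {
    "persists_at_startup": lambda t: any(
        "\\currentversion\\run" in x for x in _targets(t, "registry_write")),
    "modifies_executables": lambda t: any(
        x.endswith((".exe", ".dll")) for x in _targets(t, "file_write")),
    "contacts_many_mail_servers": lambda t: len(
        {x for x in _targets(t, "net_connect") if x.endswith(":25")}) >= 3,
}
WEIGHTS = {"persists_at_startup": 2, "modifies_executables": 3,
           "contacts_many_mail_servers": 3}   # assumed weights
THRESHOLD = 5                                  # assumed cut-off

def collect_signatures(trace):
    """Return the sorted behavior signatures a simulated run exhibited."""
    return sorted(name for name, rule in RULES.items() if rule(trace))

def classify(trace):
    """Score the collected signatures; True means 'treat as malware'."""
    sigs = collect_signatures(trace)
    score = sum(WEIGHTS[s] for s in sigs)
    return sigs, score, score >= THRESHOLD

# Constructed traces standing in for what the simulation would record.
WORM_LIKE = [
    Event("file_write", r"C:\Windows\System32\notepad.exe"),
    Event("registry_write",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    Event("net_connect", "192.0.2.10:25"),
    Event("net_connect", "192.0.2.11:25"),
    Event("net_connect", "192.0.2.12:25"),
]
INSTALLER_LIKE = [
    Event("file_write", r"C:\Program Files\Example\example.exe"),
    Event("file_write", r"C:\Program Files\Example\readme.txt"),
]

if __name__ == "__main__":
    for name, trace in (("worm-like", WORM_LIKE), ("installer-like", INSTALLER_LIKE)):
        print(name, classify(trace))
```

The installer-like trace triggers one signature but stays under the threshold, which is why the verdict is based on the combination of behaviors instead of any single one.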
The patent was originally filed in 2004. Microsoft has not said when or how the technology might be deployed in its product line.
— Tim Wilson, Site Editor, Dark Reading