AV Add-on Captures Malware

Wednesday, December 9, 2015 @ 08:12 AM gHale

An add-on for antivirus software that can scan across a computer network and trap malicious activity missed by the system firewall is now under development.

At issue is the idea that operating systems and antivirus software must work closely together to reduce the burden of malware on computer systems.


The battle between malware developers and security researchers has changed dramatically in the last few years.

Years ago, the purpose behind malware was often for the sake of a prank, to expose vulnerabilities or just plain spite. Today, however, malware is more about stealing sensitive data and exploiting information for fraud, identity theft and other criminal intent. In addition, malware can break systems via denial-of-service (DoS) attacks in the name of espionage, whether industrial or political or for “hacktivism”, where activists prevent legitimate users from accessing a site they see as the enemy to their cause.

Computer security systems that attempt to thwart the spread of malicious software (malware) often fall down at one of two points of failure.

The first is the failure of the network to spot malicious data packets entering the system. The second comes once the network has been breached: the antivirus software, which is the last line of defense, fails to identify the software intruder as malicious.

That may soon change, as researchers in Jordan and the U.S. have created an antivirus add-on that allows the antivirus software to scan network data as well as applications, and to trap malicious activity that the firewall and other network-level defenses have missed.

The system, created by computer scientists Mohammed Al-Saleh of Jordan University of Science and Technology in Irbid and Bilal Shebaro of St. Edward’s University, Austin, Texas, side-steps the additional computing overhead placed on a network that attempts to detect the spread of encrypted malware. It also avoids the problem of antivirus software becoming outdated the instant new malware is released, and the window of vulnerability that opens while the antivirus scan is in progress.

In testing, the team demonstrated their prototype security system add-on can detect the spread of malware to a computer and block it before it is able to do anything malicious or make a copy of itself to send to other machines on the network.

The system adds little computing overhead.

“Together with the existing network-based anti-malware software, our solution will offer client machines better protection that has no significant overhead on the protected system,” team members said.