Business Daily from THE HINDU group of publications
Monday, Dec 25, 2006
ePaper
eWorld
Features
Stocks
Cross Currency
Shipping
Archives
Google

Group Sites

 eWorld - Viruses
Info-Tech - Security
No entry for viruses

Archana Venkat

A look at some new ways to protect our systems.

Imagine a virus-free world. Impossible? But what if an anti-virus solution could prevent even unknown viruses from entering one's computer and did not need any updates or affect the computer's performance?

Rudra Technologies Ltd says it has designed just such a solution,using a new technology that is under process for the USPTO patent.

With virus attacks increasing - in number and in complexity - it has become imperative for companies to think of new ways to curb this old menace.

Intention-based technology

Rudra's software is built on `intention based technology' as opposed to the traditional signature (also called fingerprint) and heuristic-based technologies used by companies such as Norton, Symantec and McAfee, says N.S. Baskar, Managing Director, Rudra Technologies.

Signature technology uses a database to store the signature (a binary digit) of each virus discovered in the world. Signatures of files entering a computer are matched against the database.

If a match is found, a virus is detected and removed. Every time a virus attack occurs in any part of the world, the signature of the virus responsible for the attack is added to the database and the user is sent an update on the same. However, this technology is ineffective against new viruses whose signatures are yet to be discovered. Heuristic technology tackles this to an extent. It studies the pattern of virus entries in the past and prevents the next attack based on logical calculations. But this technology too is not foolproof against viruses. Rudra's software stores information about the computer and not the virus, hence eliminating the need for databases.

The software uses filters to detect viruses. If a file or signature that seems incompatible with the computer tries to enter the system, it will be detected and thrown out, says Baskar.

But what if the virus is in a type of file that is compatible with the computer? Baskar says it will still be blocked, but declines to divulge details, with the patent application pending with the authorities.

For Rudra, new and old viruses are alike - each of them undergoes checks at the filter. This checking takes negligible time and does not affect the computer's performance, says Baskar. As viruses are compared with the computer's information and not a virus signature database, no patches or updates need to be sent to users.

Behavioural blocking

Other companies are also working to reduce dependence on traditional systems. F-Secure Security Labs is working on a `behavioural blocking' mechanism that can be built over signature-based technology.

According to a recent survey by F-Secure, about one lakh computer viruses were discovered last year and about 1.5 lakh more are expected this year. Patrik Runald, Senior Security Specialist, F-Secure, says most virus attacks are targeted at a company or an important person.

"There are cases of viruses being sent through resumes in response to a company's advertisement for vacant positions. In such cases, a Human Resources manager would never suspect a virus — and open the resume file," he says. Common file extensions such as .exe, .xls, .doc and .ppt are used for targeted attacks.To prevent such attacks, F-Secure's solution `Deep Guard' works on behavioural blocking technology that monitors the behaviour of a computer in real time. Monitored behaviour can include attempts to open, view, delete, or modify files, changing the logic of executable files and computer settings, besides scripting and sending e-mails with self-executable content.

If the behaviour blocker detects a program likely to initiate malicious behaviour, it will block the same, says Runald.

But this system also has its drawbacks. To identify the complete behaviour pattern of a malicious code, it must be run on the computer. During execution, a virus may misplace many files existing in the computer before finally being detected and blocked by the behavioural blocker. For the user, this misplacement of files is as bad as a virus-affected machine.Foolproof or not, Internet security providers are certainly working on new approaches to take us closer to a virus-free world.

archana@thehindu.co.in

More Stories on : Viruses | Security

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
One key to many locks

PCs and Macs
`We do IT differently'
Changing times at HCL
`Keep the innovation going'
Of software and tax
Privacy carried too far?
No entry for viruses
It's that time of the year
`Cutting-edge' technology
Quiz
Take guesswork out of outsourcing engagements
Cartoon

The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription
Group Sites: The Hindu | The Hindu ePaper | Business Line | Business Line ePaper | Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |

Copyright © 2006, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line