This new approach is called "Korset," and requires a recompile of the operating system's kernel to include some watches or keys that look at the way the machine is set up to run software. Basically, his invention examines how a normal machine operates. And whenever the kernel identifies patterns of internal software use that do not look like the normal operations of the machine, it halts the system until the cause can be examined. More info at TG Daily.
Now this examination of how a normal machine operates is given in very high level terms for explanation. It doesn't mean that if a new software program is installed Wool's invention will prevent you from using it. But what it does do is look at some of the internal patterns that installed software is known to use. For example, when many programs are launched they will access certain registry keys to determine where the window should be situated, what custom controls have been added or moved around, etc. This is a normal activity for an application. If, however, it suddenly begins accessing the Internet the kernel could identify that as new behavior.
In the case of a virus, that would mean that a malicious application could be contained before any damage is done. “When we see a deviation, we know for sure there’s something bad going on,” Wool explains. In short: Whereas no anti-virus attempts can truly stop every possible virus, Wool's invention can provide network servers, mail servers and other user machines with a way to immediately identify system changes which would indicate the presence of a virus.
Researchers develop new approach to fight computer viruses
Posted on Monday, September 15 2008 @ 6:21 CEST by Thomas De Maesschalck
Israeli researchers have developed a new approach to battle computer viruses. It's an extra safety net that works a bit like a firewall: