This post is also available in: עברית (Hebrew)
In the old days of the home computing, malware – viruses, computer worms, and trojan horses – ranged from the relatively harmless prank to nihilistic destruction of whole computer systems. Now, viruses no longer gleefully announce their presence. Over the years the nature of the threat has changed. Malware writers take pains to obfuscate their activity in order to achieve their aims. Insidious software is designed to stealthily take over your machine, to harness it to so-called botnets that are used for targeted attacks, or to steal your private information directly.
With the changing nature of the threat, the response to it must change as well. Antiviruses are insufficient against code that operates on a level below that of the operating system. Rootkits infiltrate the substrate of the computer to hide malicious code away from the defensive software. Firewalls, on the other hand, have no insight into the problems plaguing individual computers.
An international team of researchers are now tackling this problem. They have designed a browser add-on that combines the powers of antivirus software with the network protection abilities of firewalls to detect and thwart the spread of malware.
Bilal Shebaro of St. Edward’s University in Austin, Texas and Mohammed Al-Saleh of Jordan University of Science and Technology in Irbid have developed the add-on to allow antivirus software to scan the network as well as locally installed software, and so to detect malware that may have been missed by disparate defence mechanisms.
The system has little additional overhead, and offers increased protection, the team says. “Together with the existing network-based anti-malware software, our solution will offer client machines better protection that has no significant overhead on the protected system.”
Their findings are available in the International Journal of Electronic Security and Digital Forensics.