How to Combat Malware Threats with Behavior-Based Anti-Malware

By Somesh Jha  |  Posted 2009-02-25

The number of malware threats on the Internet has increased significantly over the past two years. New Web 2.0 tools only increase the dangers for PC users. As more kinds of devices connect to the Internet, the anti-malware industry needs to move from signature-based detection to behavior-based detection when combating malware threats. Here, Knowledge Center contributor Somesh Jha explores in detail the shortcomings and advantages of signature-based and behavior-based anti-malware approaches.

Social media networks are growing at an astounding rate. Facebook reportedly has passed 160 million users worldwide. Other social networks are growing at fast rates too. We are surrounded by fun and useful Web 2.0 technologies that help us collaborate and create our own content. Unfortunately, this also means we face escalating security vulnerability risks. There has recently been an unsettling increase in the amount of malware on the Internet.

The very architecture of Web 2.0 tools that allows for greater interactivity also opens up new avenues for computers and networks to be attacked by malware.

Organizations are now using Web 2.0-based solutions and social media networks in their workplace. Many companies now have eight or more of these applications in use on their networks. This trend of people using more Web 2.0 applications at work and at home has increased malware attacks and corporate data leaks, and the costs to repair them.

Most collaborative and interactive Web applications require code to run inside a user's browser. Online scripts using Flash and JavaScript are becoming part of the Internet user's everyday life. Web vendors only need to look at the successes of Google Docs, Facebook and YouTube to see the value in embedded programming running inside a browser. As would be expected, this process continues to accelerate as processes and applications follow documents and other files into the Internet cloud.

The problem in all of this is that code can be easily manipulated to allow entry into computers or networks. With so much of the Web now relying on code run in the browser to function, you cannot simply turn the scripts off and still enjoy the utility of the Web. The browser is the new operating system. The escalating functionality of what users can do within their browsers means there is also an increasing number of ways that malware can enter computers and networks: as a house becomes a mansion and gains more windows to see out of, there are also more ways for thieves to break in.

Where once Internet users had to beware of clicking suspicious links in e-mail or downloading unknown programs, malicious programs can now come in many more forms. They do not always require mistaken consent to infect a computer. Malicious code has been found operating in advertisements running on Flash, rich HTML in e-mails and in many forms of JavaScript functions.

To combat these types of threats, the industry is moving from signature-based anti-malware to behavior-based approaches. Let's explore these in detail.

Dr. Somesh Jha is co-founder and Chief Scientist of NovaShield. He has more than 19 years of research and development experience (both academic and industrial) in security and IT. He is currently a member of the faculty at the Department of Computer Science at the University of Wisconsin-Madison. He focuses primarily on computer system security and is a frequent speaker at security-related conferences and events across the United States. Dr. Jha has been recognized through numerous awards including the NSF CAREER award, the ACM SIGSOFT distinguished paper award and the best paper award at ACSAC. He also conducted four years of advanced research during a postdoctoral fellowship at Carnegie Mellon University's Computer Emergency Response Team (CERT). He also serves on the editorial board of the Journal of Computer Security, and on the program committees for WORM05, RAID05, the USENIX Security Symposium and WWW (Security and Privacy Track). Dr. Jha completed his PhD in Computer Science at Carnegie Mellon University and his B.Tech in Electrical Engineering at IIT-Delhi, India. He can be reached
