Slashdot Mirror


New Approach To Malware Modifies Linux Kernel

Hugh Pickens writes "Professor Avishai Wool has unveiled a program to watch for malware on servers with a modification to the Linux kernel. 'We modified the kernel in the system's operating system so that it monitors and tracks the behavior of the programs installed on it,' says Wool. Essentially, Wool says, his software team has built a model that predicts how software running on a server should work (pdf). If the kernel senses abnormal activity, it stops the program from working before malicious actions occur. 'When we see a deviation, we know for sure there's something bad going on,' Wool explains. Wool cites problems with costly anti-virus protection. 'Our methods are much more efficient and don't chew up the computer's resources.'"
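The summary describes the technique only in outline: learn a model of how a program normally behaves, then stop it when its behaviour deviates. The page does not say which model the paper uses, so the following is an added, user-space illustration (not Wool's code and not from the paper) of one classic way to build such a model: record the short sequences of system calls a program makes under normal use, then flag any window of calls that was never seen in training, in the style of the "stide" family of anomaly detectors. The syscall traces, the window length, the mismatch threshold and the locality frame are all constructed for this demo; a real implementation would sit at the kernel's syscall entry point and would have to suspend or kill the process before the offending call executes, rather than returning a string.

```python
"""Sliding-window syscall-sequence anomaly model (stide-style), user-space demo.

Added example: a toy "normal behaviour" model for a small network server.
All traces and parameters below are constructed for illustration.
"""
from collections import deque

WINDOW = 3           # length of each syscall n-gram (assumption for this demo)
LOCALITY = 10        # look at the last LOCALITY calls when deciding to block
MAX_MISMATCHES = 2   # block once this many unseen n-grams fall inside LOCALITY

# Constructed training traces: an accept/read/write/close loop of a toy server.
NORMAL_TRACES = [
    ["socket", "bind", "listen", "accept", "read", "write", "close",
     "accept", "read", "write", "close"],
    ["socket", "bind", "listen", "accept", "read", "read", "write", "close",
     "accept", "read", "write", "close"],
    ["socket", "bind", "listen", "accept", "read", "write", "write", "close"],
]

# Constructed "attack" trace: after reading a request the process turns its
# stack executable and spawns a shell, which the server never does normally.
ATTACK_TRACE = ["socket", "bind", "listen", "accept", "read",
                "mprotect", "execve", "dup2", "read", "write"]

# Constructed benign trace with one path the training set never covered
# (a double close); a single unseen window should not trigger a block.
UNTRAINED_BENIGN_TRACE = ["socket", "bind", "listen", "accept", "read",
                          "write", "close", "close"]


def train(traces, window=WINDOW):
    """Build the model: the set of every length-`window` syscall sequence seen
    in the training traces. Anything outside this set is 'abnormal'."""
    model = set()
    for trace in traces:
        for i in range(len(trace) - window + 1):
            model.add(tuple(trace[i:i + window]))
    return model


def monitor(trace, model, window=WINDOW, locality=LOCALITY,
            max_mismatches=MAX_MISMATCHES):
    """Replay a trace against the model as the kernel would see it, call by call.

    Returns (decision, index, unseen): decision is "allow" or "block", index is
    the position of the syscall at which the block fired (None if allowed) and
    unseen lists every (position, n-gram) not present in the model.
    """
    recent = deque(maxlen=locality)   # 1 where the window ending there was unseen
    unseen = []
    for i in range(window - 1, len(trace)):
        gram = tuple(trace[i - window + 1:i + 1])
        miss = gram not in model
        recent.append(int(miss))
        if miss:
            unseen.append((i, gram))
        # Locality frame: isolated misses are tolerated, a burst is not.
        if sum(recent) >= max_mismatches:
            return "block", i, unseen
    return "allow", None, unseen


MODEL = train(NORMAL_TRACES)


def run_demo():
    """Run all three traces through the model; returns the decisions by name."""
    return {
        "normal": monitor(NORMAL_TRACES[0], MODEL),
        "attack": monitor(ATTACK_TRACE, MODEL),
        "untrained_benign": monitor(UNTRAINED_BENIGN_TRACE, MODEL),
    }


if __name__ == "__main__":
    for name, (decision, index, unseen) in run_demo().items():
        print(f"{name:17s} -> {decision:5s} at call {index}; unseen windows: {unseen}")
```

Two caveats a practitioner would raise against the "we know for sure" claim: the false-positive rate is set entirely by how well the training traces cover the program's legitimate paths (the third trace above shows a benign untrained path producing an unseen window, which only the locality threshold keeps from being blocked), and an attacker who knows the model can attempt a mimicry attack by expressing the payload as sequences the model already accepts, so sequence modelling raises the bar rather than closing the door.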

1 of 170 comments

  1. Re:Not a good article, but an interesting paper. by supernova_hq · Score: 0, Flamebait

    This is an OS-agnostic approach to stopping malware; they just used the Linux kernel because it's free. Don't be surprised if you see these kinds of features appearing in every major compiler/OS over the next few years.

    The day Microsoft does anything truly smart to prevent malware is the day they switch to a Linux kernel!