Slashdot Mirror


New Approach To Malware Modifies Linux Kernel

Hugh Pickens writes "Professor Avishai Wool has unveiled a program to watch for malware on servers with a modification to the Linux kernel. 'We modified the kernel in the system's operating system so that it monitors and tracks the behavior of the programs installed on it,' says Wool. Essentially, Wool says, his software team has built a model that predicts how software running on a server should work (pdf). If the kernel senses abnormal activity, it stops the program from working before malicious actions occur. 'When we see a deviation, we know for sure there's something bad going on,' Wool explains. Wool cites problems with costly anti-virus protection. 'Our methods are much more efficient and don't chew up the computer's resources.'"

8 of 170 comments

  1. Help! by i_liek_turtles · · Score: 5, Funny

    It's stopped me from running Vista in a VM...

    1. Re:Help! by Anonymous Coward · · Score: 4, Funny

      How is this off-topic? The mods must have been infected!

    2. Re:Help! by Anonymous Coward · · Score: 5, Funny

      That's nothing. I ran it in a virtual machine on Vista. It broke out, took over the machine, and put Vista in a VM.

  2. Oh great. by bigtallmofo · · Score: 5, Funny

    They recently unveiled a unique new program called the "Korset" to stop malware on Linux...and once it reaches its full potential it could put anti-virus software companies out of business.

    Doesn't our economy have enough problems? Do we really need to put Linux anti-virus vendors out of business? Next we'll probably drive the ice vendors in Alaska to bankruptcy!

    --
    I'm a big tall mofo.

    1. Re:Oh great. by fuzzyfuzzyfungus · · Score: 5, Funny

      Oh, don't worry. Things are just warming up for the ice vendors...

  3. Re:This could be a serious problem! by Anonymous Coward · · Score: 1, Funny

    If I stop surfing pr0n ...

    Why deal with hypotheticals that we know will never occur in real life?

  4. Re:premise to shutdown by Qzukk · · Score: 4, Funny

    This has greatly increased the online sales of weight-loss products although mostly from browsers identifying themselves as Internet Explorer

    Linux users were terminated by their modified kernel after it detected that they were exercising ;)

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.

  5. Re:Heuristic scanning v2.0? by liquiddark · · Score: 2, Funny

    So basically it shuts down malware and buggy software. Holy fuck, somebody kill this thing - we're all out of a job if this catches on.