Forum for Science, Industry and Business


 

Detecting unknown computer viruses

03.03.2006


PhD Student Tom Lysemose is the world’s first to have developed software that is able to effectively detect attacks by an unknown computer virus.



Possible customers include the large anti-virus companies. A problem with today’s anti-virus software is that it can only protect against known viruses. Unknown viruses are not stopped.

A great number of viruses exist. Some of these viruses need active handling by the user in order to infect a computer, such as when someone is tricked into opening an infected e-mail attachment. Other viruses are more crafty. Without a user being aware that he has made a single mistake, the virus can attack software and take control of the computer, resulting in, for example, all documents being deleted.


The explanation for how these unpleasant events are possible is that very many computer programmes contain programming errors. The most common is called Buffer Overflow.

-Embarrassingly enough, this programming error is also made by those who write anti-virus software, such as Symantec, explains Tom Lysemose. But he points out that such programming mistakes are common for all programmers who write in C, one of the world’s most common programming languages.

-The web browser Internet Explorer is one such example. Programming errors can also be found in the IP-telephony system Skype and database software from Microsoft called SQL Server. In 2003 things went terribly wrong. That’s when the virus Slammer automatically took control over a great deal of database servers. These are super-fast machines, so the virus could spread extremely fast. Although the virus was not especially destructive, it spread so widely that it slowed down the entire Internet. Systems over the entire world were affected, and even some banks’ automated teller machines were shut down, says Tom Lysemose.

To understand Lysemose’s software, one needs a quick introduction to why a buffer overflow is such an unfortunate programming error.

Within a computer’s internal memory are a series of containers called buffers. When running a programme that communicates over the Internet, such as a web browser, the technology functions so that the contents in the buffers of the network server are transferred to the buffers in the computer.

One example is when a password is entered on a web page. The password is stored in its own buffer on the local computer. Consider, for example, that this buffer could only have enough space for eight characters. If the programmer forgets to check the buffer size, the buffer runs over if someone enters more than eight characters.

Unfortunately, not all programmers are aware of this. If those who write software have not included a routine that checks if enough room exists in the buffer, the areas that are physically next to the buffer will be overwritten. This is extremely regrettable. The computer gives no warning and continues to run as if nothing has happened.

Unfortunately, the overwritten areas can hold important instructions for the software that’s running, such as "Please provide an overview of all my documents".

This is exactly the type of weakness that virus creators exploit. They can make a virus that sends a larger data packet than the computer’s buffer capacity. If the hacker discovers exactly where the most important instructions are located, the virus can be programmed so that it overwrites these instructions with completely different commands, such as "Delete all of my documents now". And then the user is out of luck.

This is exactly when Tom Lysemose’s innovation comes in. His programme, which is named ProMon, cannot prevent an unknown virus from attacking a buffer and the areas around it, but ProMon monitors programmes to ensure that they do not do things that they are not programmed to do. This means that ProMon will stop a programme if the programme suddenly begins to do another thing.

This solution is a new way of thinking about virus prevention. All modern software is built up of modules. Modules communicate with each other and with the operating system on the computer. Between the modules are well-defined transaction limits.

-The point is that ProMon works within a programme, such as the web browser Internet Explorer, in order to monitor the interaction between the programme’s modules. As long as the programme performs legitimate transactions between its modules, ProMon does nothing. But if an illegal transaction occurs, ProMon decides a virus has attacked and promptly stops the programme, explains Tom Lysemose.
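The eight-character buffer and the monitoring idea described above can be put side by side in a small C simulation. This is an example added here, not ProMon's code or anything from the researcher: the memory layout, the module names and the allow-list policy are all constructed assumptions, and the "next module" byte stands in for the overwritten instructions the article mentions.

```c
#include <stdio.h>
#include <string.h>

enum { BUF_LEN = 8, MEM_LEN = 16 };   /* 8-character buffer, as in the article */
enum module { MOD_LOGIN, MOD_LIST_DOCS, MOD_DELETE_DOCS, MOD_COUNT };

/* Constructed layout: bytes 0..7 are the password buffer, byte 8 holds
 * the module the login code hands control to next. */
struct process { unsigned char mem[MEM_LEN]; };

/* Hypothetical policy: the only legitimate transfer is login -> list. */
static const int allowed[MOD_COUNT][MOD_COUNT] = {
    [MOD_LOGIN] = { [MOD_LIST_DOCS] = 1 },
};

/* No size check: input longer than BUF_LEN spills into byte 8 onwards.
 * Clamped to MEM_LEN only so the simulation itself stays well defined. */
static void store_unchecked(struct process *p, const char *in, size_t n) {
    memcpy(p->mem, in, n < sizeof p->mem ? n : sizeof p->mem);
}

/* With the check: anything that does not fit the buffer is rejected. */
static int store_checked(struct process *p, const char *in, size_t n) {
    if (n > (size_t)BUF_LEN) return -1;
    memcpy(p->mem, in, n);
    return 0;
}

/* Monitor: returns the module reached, or -1 when the transfer is not
 * in the policy and the program is stopped instead. */
static int monitored_transfer(const struct process *p, enum module from) {
    int to = p->mem[BUF_LEN];
    if (to >= MOD_COUNT || !allowed[from][to]) return -1;
    return to;
}

/* Unchecked store, then the monitored hand-off from the login module. */
static int run_case(const char *in, size_t n) {
    struct process p = {{0}};
    p.mem[BUF_LEN] = MOD_LIST_DOCS;   /* intended next step */
    store_unchecked(&p, in, n);
    return monitored_transfer(&p, MOD_LOGIN);
}

int main(void) {
    struct process p = {{0}};
    printf("fits: %d  overflow: %d  checked: %d\n", run_case("pass123", 7),
           run_case("AAAAAAAA\x02", 9), store_checked(&p, "AAAAAAAA\x02", 9));
    return 0;
}
```

The seven-character input reaches the intended module. The nine-character input silently changes the adjacent byte, and only the monitor's policy check, or the size check in `store_checked`, keeps the programme from continuing with it.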

He stresses that his anti-virus software can monitor any programme. His programme is not alone on the market, but all the tests that Tom Lysemose has performed have shown that his programme is 30 times faster than his competition from Massachusetts Institute of Technology.

The product will be introduced to the large anti-virus companies in March.

Thomas Evensen | alfa
Further information:
http://www.ifi.uio.no/english/
http://www.forskningsradet.no
