The administrator's guide to behaviour blocking

Carey Nachenberg Symantec Corporation
Stephen Trilling Symantec Corporation

Over the past year and a half, blended threats - threats that combine worm-like propagation with hacking and Denial of Service techniques - have spread incredibly rapidly, causing billions of dollars of damage to corporations. The massive penetration of these infections has underscored the limitations of traditional anti-virus software and the need for new, complementary solutions.

While there is no silver bullet against these latest threats, behaviour blocking represents a complementary technology with great potential to stave off these fast-spreading infections. Unfortunately, there is a great deal of confusion surrounding behaviour blocking and its capabilities and weaknesses. This paper will give a primer on behaviour blocking and propose several possible avenues of research that may yield fruitful results. Specifically, the paper will explore how pharmaceutical and biologically-inspired techniques can serve as a template in the design of the next generation of behaviour blocking systems. Such biologically-inspired systems may address many of the current issues with behaviour blocking and offer corporations a new tool in the fight against malicious mobile code.

VB Conferences

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘In terms of networking, this conference has been superb.’

Poll

Who in your company is responsible for installing software patches?

Leave a comment

VB100 certification

The final VB100 of the year sees a double whammy of potential pitfalls for our comparative participants - the Vista operating system, which still seems shiny and new as well as a little scary (to both developers and users), as well as the x64 architecture, whose ostensible compatibility with standard 32-bit software belies oddities and intricacies that developers ignore at their peril. The announcement of the test brought a few surprises, as several regulars opted to skip this one, but the majority of veteran competitors took part as usual, along with several newer faces, many of whom look set to join the ranks of our regulars.
See full results.

Virus Bulletin currently has 148,281 registered users.

Fighting malware and spam