|
New approaches to virus protection |
|
|
|
Source: H Security - Posted by Alex
|
The Internet Storm Center (ISC) has made the effort to list the hash values of around 40 million programs contained in the US National Software Reference Library (NSRL) in a database in such a way that they can be retrieved via a web front end. This potentially presents an alternative to anti-virus scanners searching for malicious code.
The US NIST maintains a comprehensive collection of known programs and generates hash values of the files they contain. These allow the files to be identified conclusively. At present, the collection is mainly used for excluding standard files in forensic investigations. However, it could also be used for avoiding problems such as false alarms triggered by standard files.For example, on Monday anti-virus vendors sounded a false alarm saying that a file belonging to AutoCAD, AcSignApply.exe contained mailware; If Avira, Kaspersky, F-Secure and other anti-virus vendors had queried the NIST database beforehand they would have known that the NIST lists the AcSignApply.exe file as a known AutoCAD file with an MD5 hash value of 5A3DA649CBBB4502559AA24972E0F302. While this is no automatic guarantee that the file doesn't include some sort of back door, it would at least have allowed the vendors to avoid a false alarm apparently based on very weak evidence.
Read this full article at H Security
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
