New behaviour detection software on way

A new behaviour-based detection software product is due to hit the market in May, designed to catch, quarantine and eradicate malware not ordinarily detected by signature-based antivirus products.

Share

A new behaviour-based detection software product is due to hit the market in May, designed to catch, quarantine and eradicate malware not ordinarily detected by signature-based antivirus products.

Start-up firm NovaShield says its Windows-based software for PCs will recognise activity from keyloggers, Trojans, and botnets, and block them from executing.

NovaShield is primarily intended for consumers as it has no central management. It will block drive-by downloads of malware, by alerting users that suspicious activity is occurring.

"In this instance, there would be an alert to the user about web activity," says Somesh Jha, chief scientist and co-founder of NovaShield. "Once we flag these executables as suspicious, we block them. But we do offer the user a way to override it."

The move comes as several major anti-malware vendors, including McAfee, Symantec, Trend Micro and WebSense, are also tackling the problem of drive-by downloads, offering both signature-based and behaviour-based detection products.

But the approach to malware detection that NovaShield is taking probably bears the most resemblance to that of behaviour-based security product provider Sana Security, Jha says.

The NovaShield software monitors files, registry, process and events on Windows XP-based machines, using what Jha calls NovaShield's own "specification-based monitoring" to ensure secure interaction between application programs.

Pricing for the NovaShield software hasn't been announced. However, once it's out, NovaShield plans a free trial version to be available.