Curious as to what Microsoft has been filing patents for after their recent patent claims against Linux, I came across a very interesting patent, filed on July 12th, related to malware.

The goal of the system is to reduce the vulnerability window from when malware is first introduced into the wild to the time a fix is introduced. This will have the effect of reducing the number of overall systems infected worldwide. The vulnerability window is covered in Fig. 1 of the filing.

[Image: Pat1 (Fig. 1 of the filing, the vulnerability window)]

The system calls for a server that is responsible for receiving and monitoring data from clients running monitoring software. As each client reports in, the server checks the data against a database of known malware. If the data is new, the server can request secondary data to be collected from the client machine, which includes the binary file (.exe), a memory dump of the process itself and a crash dump containing all the data in physical memory at the time. This check can also prompt the client computer to stop the installation of potential malware, or allow the installation to continue in order to collect more data. Figures 2 and 3 cover the network setups involved and what is contained within the server and clients.

[Image: Pat2 (Fig. 2 of the filing)]

[Image: Pat3 (Fig. 3 of the filing)]

The system monitors for changes to Auto Start Extension Points (ASEPs), which indicate potential malware injecting itself into system startup processes, Browser Helper Objects (BHOs) and so on. Once a change is registered, the software works its way through its programming, determining what to do, what data to record, etc., in order to collect as much information as needed to allow developers to engineer a corrective fix in the shortest time possible. Figures 4 and 5 illustrate what the software uses to determine the direction it will take with potential malware.
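The client-to-server loop described in the two paragraphs above, as an added illustration that is not code from the filing or from Microsoft. The ASEP snapshots, the "known malware" hash list, the user name and the block/hold policy are all constructed assumptions; only the Run key path is a real ASEP location.

```python
import hashlib

# Constructed sample snapshots of Auto Start Extension Points (ASEPs) on one client.
# Each ASEP maps an entry name to (image path, image bytes); the bytes stand in for the file.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
BEFORE = {
    RUN_KEY: {"OneDrive": (r"C:\Program Files\OneDrive\OneDrive.exe", b"onedrive-sample")},
    "BHO": {},
}
AFTER = {
    RUN_KEY: {
        "OneDrive": (r"C:\Program Files\OneDrive\OneDrive.exe", b"onedrive-sample"),
        "Updater": (r"C:\Users\Public\updater.exe", b"dropper-sample"),  # new, not yet known
    },
    "BHO": {"{CLSID-constructed}": (r"C:\Users\Public\helper.dll", b"bho-sample")},  # new, known
}

# Constructed server-side database of image hashes already classified as malware.
KNOWN_MALWARE = {hashlib.sha256(b"bho-sample").hexdigest()}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def detect_asep_changes(before, after):
    """Client side: return ASEP entries that are new or whose image bytes changed."""
    changes = []
    for asep, entries in after.items():
        for name, (path, image) in entries.items():
            old = before.get(asep, {}).get(name)
            if old is None or old[1] != image:
                changes.append({"asep": asep, "name": name,
                                "path": path, "hash": sha256(image)})
    return changes


def triage(change, user):
    """Server side: classify a reported change and tell the client what to do.
    Policy is an assumption for illustration: a known hash is blocked outright; an
    unknown hash holds the install and requests the secondary artifacts the filing
    names (binary, process memory dump, crash dump). The triggering user is recorded."""
    record = {"user": user, "asep": change["asep"], "hash": change["hash"]}
    if change["hash"] in KNOWN_MALWARE:
        return {**record, "action": "block", "collect": []}
    return {**record, "action": "hold",
            "collect": ["binary", "process_dump", "crash_dump"]}


if __name__ == "__main__":
    for change in detect_asep_changes(BEFORE, AFTER):
        print(triage(change, user="alice"))
```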

[Image: Pat4 (Fig. 4 of the filing)]

[Image: Pat5 (Fig. 5 of the filing)]

I can see this being used in the Forefront line of security software to provide companies a stronger line of defense against malware that its users bring into the corporate network. The software, as part of its collection process, records which user triggered the malware insertion. This will better enable IT staff to determine which users are chronic offenders and give focused training to users who don't think before they click.

With this patent Microsoft looks to be tackling the problem of malware proactively rather than reactively, and that can't be a bad thing.

The filing, of course, is far more detailed than my summary here, so head on over and check it out if malware detection is of interest to you.
