New Microsoft virus patent

*sigh*, now I'm really getting either way too drunk or terribly exhausted by this Redmond company. Ars Technica writes on a new patent Microsoft got after two years of waiting on it. The patent describes itself as: "...A system, method, and computer readable medium for the proactive detection of malware in operating systems that receive application programming interface (API) calls is provided. A virtual operating environment for simulating the execution of programs and determining if the programs are malware is created. The virtual operating environment confines potential malware so that the systems of the host operating environment will not be adversely affected. During simulation, a behavior signature is generated based on the API calls issued by potential malware. The behavior signature is suitable for analysis to determine whether the simulated executable is malware...."

So what do I actually read here? Yes, they sum up all the methods a certain DLL library calls and walk patterns over it to detect "suspicious" API calls! Well, that certainly doesn't sound very innovative, nor like such a good solution. Why couldn't they come up with a good security model that would deny the API calls in the first place? That company keeps amazing me....
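The patent text above describes a pipeline: run the sample in a confined environment, record the API calls it issues, turn that call stream into a "behavior signature", and analyse the signature. The following Python is an added example of what that analysis step looks like, written here for illustration; it is not code from the post, from Microsoft or from the patent. The API-call trace, the benign trace and the behaviour patterns are all constructed sample data, and the sandbox itself is assumed to hand us a list of (API name, arguments) tuples.

```python
"""Behaviour-signature generation and pattern matching over a sandboxed
API-call trace.  Added example, not from the original post or the patent.
The sandbox is assumed to deliver a list of (api_name, arguments) tuples;
the traces and patterns below are constructed for illustration."""
import hashlib

# Constructed trace: what a monitor hooking Windows API calls might record
# for a dropper (write a file to %TEMP%, register it as an autostart entry,
# then execute it).  Paths and values are made up.
SAMPLE_TRACE = [
    ("GetTempPathW", {}),
    ("CreateFileW", {"path": r"C:\Users\u\AppData\Local\Temp\a.tmp"}),
    ("WriteFile", {"bytes": 4096}),
    ("RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"}),
    ("CreateProcessW", {"path": r"C:\Users\u\AppData\Local\Temp\a.tmp"}),
]

# Constructed benign trace: an ordinary program writing a log file.
BENIGN_TRACE = [
    ("GetTempPathW", {}),
    ("CreateFileW", {"path": r"C:\Users\u\AppData\Local\Temp\log.txt"}),
    ("WriteFile", {"bytes": 120}),
    ("CloseHandle", {}),
]

# Constructed behaviour patterns: ordered subsequences of API names that a
# defender chooses to flag.  Order matters (write before execute), while
# unrelated calls in between are allowed.
PATTERNS = {
    "drop-persist-execute": ("CreateFileW", "WriteFile", "RegSetValueExW", "CreateProcessW"),
    "drop-execute": ("CreateFileW", "WriteFile", "CreateProcessW"),
}


def normalise(trace):
    """Reduce a raw trace to the ordered tuple of API names.

    Arguments are dropped so that the signature depends on *what* the
    program does, not on file names or sizes that change per run."""
    return tuple(api for api, _args in trace)


def behaviour_signature(trace):
    """Hash of the normalised call sequence: a compact, comparable
    fingerprint of one sandbox run (two runs that issue the same calls in
    the same order yield the same digest)."""
    seq = normalise(trace)
    return hashlib.sha256("|".join(seq).encode("utf-8")).hexdigest()


def is_subsequence(pattern, seq):
    """True if every API in `pattern` appears in `seq` in that order,
    possibly with other calls in between."""
    it = iter(seq)
    # `p in it` advances the iterator until p is found, so later pattern
    # elements can only match later positions in the sequence.
    return all(p in it for p in pattern)


def match_patterns(trace, patterns=PATTERNS):
    """Names of all behaviour patterns matched by the trace, sorted."""
    seq = normalise(trace)
    return sorted(name for name, pat in patterns.items() if is_subsequence(pat, seq))


def analyse(trace):
    """Convenience wrapper returning signature and matched patterns."""
    return {"signature": behaviour_signature(trace), "matches": match_patterns(trace)}


if __name__ == "__main__":
    for label, trace in (("sample", SAMPLE_TRACE), ("benign", BENIGN_TRACE)):
        result = analyse(trace)
        print(f"{label}: sig={result['signature'][:16]}... matches={result['matches']}")
```

The interesting design point is the normalisation step: hashing only the call order makes the signature stable across runs in which the sample picks different temporary file names, which is exactly what a pattern search over "suspicious" API sequences needs. The flip side is that the same property means a sample can change its signature by inserting harmless calls, so a detector built this way matches subsequences (as `is_subsequence` does) rather than comparing whole digests.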

Comments

Indeed, sandboxed execution. But they are somehow capturing the calls to the Windows API to make a fingerprint/hash out of it. That's a difference to normal "sandboxed execution" imho.

Well, basically I read this more like they patented sandboxed execution, which has been a pretty normal technique in AV for many years.

It's amazing how crappy the USPTO is at their search for prior art.
