Scientists at IBM’s Almaden Labs have developed a new technology that can prevent viruses and computer worms without the need for any antivirus software.
This invention comes from scientist Amit Singh, who has been researching techniques for simplifying personal computers for many years. Two years ago, Singh discovered that computers were becoming overloaded with security and management software, and together with colleagues Anurag Sharma and Steve Welch, he developed software to make computer usage easier.
His research team conducted a study project called Assured Execution Environment (AXE), which employs a method to tightly control what runs on a computer.
With a technique patented by IBM, AXE will load “AXE runtime“, a special software into the core of the operating system, also known as the kernel, every time the computer is booted. This software will then monitor all parts of the operating software on the computer and ensure that only authorized code can execute.
Unlike traditional antivirus software, AXE does not monitor for malicious software to perform its control. Instead, it simply prevents any code from being executed unless that code has been pre-configured in a special format compatible with AXE, a process that IBM scientists claim virus and spyware authors cannot replicate.
Singh stated: “We are making the operating system on each computer unique“. He also mentioned that AXE currently works with the kernels of both Windows and Mac operating systems.
Users or administrators can employ a variety of techniques, including encryption, to ensure that unauthorized software cannot run without their approval. They can also use AXE to guarantee that certain programs can only run on specific computers, or even apply AXE techniques to protect sensitive data from being read by others, preventing unauthorized viewing of documents on the computer.
The developers of AXE noted that since some users might not want all software they run on their computers to be monitored by an IT administrator, they have included flexible features in the software design. Computers can be configured to allow anonymous software to operate, but only with user consent, or users can set up to run anonymous software in a virtual computer environment to reduce risks to the operating system.
According to analyst Andrew Jaquith from Yankee Group, the idea of creating a “whitelist” of permitted software is becoming increasingly popular among security firms as traditional antivirus techniques, which block identified malicious software, have become cumbersome. He stated: “Whitelists may be the method of the future“. He mentioned that other companies like SecureWave and Bit9 have also used similar security approaches.
However, the downside of whitelists is that they can create management complexities since network administrators must intervene whenever any software is upgraded. Andrew remarked: “If Microsoft sends a patch, users may need to re-register upgraded applications. The issue here is not whether this technology works but whether it can be managed“.
IBM plans to offer this software to a select group of trial customers next year, once they have gained better insights into managing AXE.
Source: ND/PCWORLD
