18 October 2014
The Trusteer approach to malware protection could be ground-breaking in the defence against zero-day exploits and phishing attacks.
Trusteer analysed millions of applications exposed to the Internet and stored lists of their valid application states and operations in a database.
For example, saving a web page to OneNote is a legitimate operation when it is run from a process the user started; in this case Windows Explorer is the parent process. If the same operation is performed by an Internet Explorer process that has no valid parent process, it is very likely that a malicious operation is being executed.
A watchdog process monitors the applications exposed to the Internet. When an application executes a sensitive operation, the watchdog checks its database and approves the operation if it is valid. Invalid operations are rejected.
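To make the parent-process check concrete, here is an added illustration of the kind of lookup the watchdog performs. It is not Trusteer's code; the process table, the operation names and the policy entries are constructed for the example. The policy is default-deny: an operation is only approved when the acting process is in a known-valid state and its live parent is one the policy allows.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Process:
    pid: int
    name: str
    ppid: int


# Constructed sample process table (hypothetical, not a real capture).
PROCESSES: Dict[int, Process] = {
    1: Process(1, "wininit.exe", 0),
    400: Process(400, "explorer.exe", 1),
    520: Process(520, "iexplore.exe", 400),   # browser launched by the user from Explorer
    777: Process(777, "iexplore.exe", 9999),  # browser whose parent is unknown / no longer exists
    800: Process(800, "cmd.exe", 520),        # shell spawned by the browser
}

# Hypothetical policy: (sensitive operation, acting process) -> names of valid parents.
# Anything not listed is an unknown state and is rejected.
POLICY: Dict[Tuple[str, str], FrozenSet[str]] = {
    ("save_to_onenote", "iexplore.exe"): frozenset({"explorer.exe"}),
    ("spawn_shell", "explorer.exe"): frozenset({"wininit.exe"}),
}


def parent_of(pid: int, table: Dict[int, Process]) -> Optional[Process]:
    """Return the live parent of `pid`, or None if either end is missing."""
    proc = table.get(pid)
    if proc is None:
        return None
    return table.get(proc.ppid)


def check_operation(operation: str, pid: int,
                    table: Dict[int, Process] = PROCESSES,
                    policy: Dict[Tuple[str, str], FrozenSet[str]] = POLICY) -> Tuple[str, str]:
    """Approve or reject `operation` requested by process `pid`.

    Returns ("allow" | "deny", reason). Default is deny.
    """
    proc = table.get(pid)
    if proc is None:
        return ("deny", f"pid {pid} is not a known process")

    valid_parents = policy.get((operation, proc.name))
    if valid_parents is None:
        # The database has no valid state for this (operation, process) pair.
        return ("deny", f"{operation} by {proc.name} is not a known-valid state")

    parent = parent_of(pid, table)
    if parent is None:
        # Orphaned process: the parent that should have started it is gone or unknown.
        return ("deny", f"{proc.name} has no valid parent process")

    if parent.name not in valid_parents:
        return ("deny", f"parent {parent.name} is not valid for {operation} by {proc.name}")

    return ("allow", f"{operation} by {proc.name} under {parent.name}")


if __name__ == "__main__":
    for op, pid in [("save_to_onenote", 520), ("save_to_onenote", 777),
                    ("spawn_shell", 520), ("spawn_shell", 400)]:
        verdict, reason = check_operation(op, pid)
        print(f"{op:16} pid={pid:<4} -> {verdict:5} ({reason})")
```

The first request (user-launched browser under explorer.exe) is approved; the second (browser with no live parent) and the third (browser trying to spawn a shell, a state the database does not know) are rejected. One caveat a real implementation has to handle: on Windows the parent PID can be chosen by the creator (PROC_THREAD_ATTRIBUTE_PARENT_PROCESS), so a product cannot rely on the ppid alone and needs its own record of how each process was actually created.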
Brilliant idea! A watchdog process that checks the state of an application. I would…