IDG News Service - Researchers at IBM's Almaden Lab have developed a way to keep those nasty worms and viruses from running on computers, without the use of antivirus software.
The project is the brainchild of researcher Amit Singh, who has been working for several years on techniques to simplify PCs. Two years ago, Singh could see that computers were being choked by the growing amount of security and management software they were using, and he and fellow researchers Anurag Sharma and Steve Welch set about developing software that would make PCs easier to use.
The solution: a research project called the Assured Execution Environment (Axe), which takes a very strict approach to controlling what's run on a computer.
Thanks to a patented IBM technique, Axe loads special "Axe runtime," software into the central part of the operating system, called the kernel, every time the PC is booted up. It then polices every piece of software that's run on the machine, making sure that only authorized code gets used.
Unlike antivirus software, Axe doesn't do this by policing for dangerous software. It simply prohibits any code from running unless it has been preconfigured into a special Axe-friendly format, something the IBM researchers say they can make it virtually impossible for spyware and virus writers to do.
"We are making every machine a unique OS," said Singh, who added that Axe works with both the Windows and Mac OS operating system kernels.
Users or administrators could use a variety of techniques, including encryption, to ensure that unauthorized software could not be run without their permission. They could also use Axe to make sure that certain programs were run only on specific machines or even use Axe techniques to make data unreadable, to keep Word or PowerPoint documents away from prying eyes.
The Axe developers say that because some users may not want to have every piece of software they run on their machine "blessed" by a central IT administrator, they have built some flexibility into the software's design. PCs can be configured to allow unknown software to run, but only when approved by the user, or they can set unknown software to run only in a virtual machine environment, where it can't do as much damage to the base operating system.
This idea of creating a "whitelist" of authorized applications is going to be more widely adopted by security vendors, because the traditional antivirus technique of blocking known malware is simply becoming too unwieldy, said Yankee Group Research Inc. analyst Andrew Jaquith. "Whitelists are probably
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
