Manila Bulletin Online
Mon Mar 27, 2006

Knowledge Box

Heuristic / Behavioral Detection

Most anti-virus applications available today use signatures to detect viruses. This is why you can still be infected by a virus even with an anti-virus application installed: if a new virus is not included in your anti-virus signature list, it can infect your PC and may destroy your files.

Users are advised to download updated virus lists frequently to prevent new viruses from infecting their PCs. But it is usually a cat-and-mouse game. The hackers or virus writers are always one step ahead of the anti-virus providers, so the protection process is reactive rather than proactive.

A new way of fighting intrusions is called Heuristic / Behavioral Detection.

Heuristic / Behavioral Detection comes in where signature-based detection falls short. Its primary advantage lies in its ability to identify new, previously unidentified rootkits. It works by recognizing deviations from "normal" system patterns or behaviors. Various heuristics have been proposed for identifying rootkits based upon execution path hooking.

Running a behavior-based detection engine first involves creating reference profiles (of users, workstations, servers, network streams, etc.) in a clean environment. These behavioral profiles are then applied to the production environment and used to detect differences between real-time profiles and the reference profiles.

Differences are measured using statistical methods. A threshold is calculated from the reference profile, and if a production value exceeds that threshold, the operator is notified.

A statistical anomaly-based Intrusion Detection System (IDS) highlights deviations from the general rule by building a profile of host or network activity over time. When an event occurs that falls outside this profile, the IDS raises an alarm. For example, a host IDS alarms when a user suddenly performs a highly privileged function he or she has never performed before. In the case of a network IDS, a profile of the network traffic is built over time, since this traffic should not vary significantly without good reason; the IDS then alerts when the traffic steps outside certain parameters. As well as fulfilling a valuable security function, this information is often extremely valuable to network administrators.
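As an added illustration (not code from the column), here is a small Python model of the reference-profile and threshold comparison described above: clean-environment samples give a mean and standard deviation per profile, a production value that exceeds mean plus k standard deviations raises an alert, and a user calling a privileged function absent from the baseline is flagged the way the host IDS example describes. All sample values and profile names are constructed for the example.

```python
from statistics import mean, pstdev

# Constructed clean-environment samples: one value per hour of baseline.
REFERENCE_SAMPLES = {
    "net:bytes_out_per_hour": [1200, 1350, 1100, 1280, 1400, 1250, 1180, 1320],
    "user:alice:privileged_ops_per_hour": [0, 0, 1, 0, 0, 1, 0, 0],
}
# Constructed baseline of privileged functions each user was seen to perform.
REFERENCE_PRIVILEGED = {"alice": {"sudo"}}


def build_profile(samples, k=3.0):
    """Reference profile: alert threshold is mean + k * std dev of clean samples."""
    mu = mean(samples)
    sigma = pstdev(samples)
    return {"mean": mu, "std": sigma, "threshold": mu + k * sigma}


def exceeds(profile, value):
    """True when a production value steps outside the reference threshold."""
    return value > profile["threshold"]


def evaluate(reference_samples, reference_privileged, observations, k=3.0):
    """Compare production observations against reference profiles.

    observations = {"metrics": {profile_name: value},
                    "privileged_calls": [(user, function), ...]}
    Returns a list of (profile_name, observed_value, threshold_or_None).
    """
    profiles = {name: build_profile(s, k) for name, s in reference_samples.items()}
    alerts = []
    # Statistical check: numeric metric above its reference threshold.
    for name, value in observations.get("metrics", {}).items():
        if name in profiles and exceeds(profiles[name], value):
            alerts.append((name, value, profiles[name]["threshold"]))
    # Host-IDS style check: privileged function never seen for this user.
    for user, func in observations.get("privileged_calls", []):
        if func not in reference_privileged.get(user, set()):
            alerts.append(("user:%s:new_privileged_function" % user, func, None))
    return alerts


if __name__ == "__main__":
    # Constructed production observations: a traffic spike and a new privileged call.
    obs = {"metrics": {"net:bytes_out_per_hour": 4800,
                       "user:alice:privileged_ops_per_hour": 1},
           "privileged_calls": [("alice", "sudo"), ("alice", "chmod_setuid")]}
    for alert in evaluate(REFERENCE_SAMPLES, REFERENCE_PRIVILEGED, obs):
        print("ALERT", alert)
```

The value of k sets the trade-off the column alludes to: a low k catches more deviations but notifies the operator more often on benign variation.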

Behavior-blocking software hooks into the operating system and monitors all behavior in real time, blocking malicious behavior before it causes damage and then alerting the administrator. It also provides proactive, behavior-based run-time protection against new and unknown script-based attacks, triggering on VBScript and JavaScript threats without needing a specific definition or signature.

*****

If you want to get more technology/productivity tips, simply e-mail techtvhost@yahoo.com or visit www.infochat.com.ph for more articles.  God Bless us all!

Copyright © 2001-2005, Manila Bulletin. All Rights Reserved.