The administrator's guide to behaviour blocking presented at Virus Bulletin 2002

by Carey Nachenberg (Symantec Corporation)


Summary: Over the past year and a half, blended threats - threats that combine worm-like propagation with hacking and Denial of Service techniques - have spread incredibly rapidly, causing billions of dollars of damage to corporations. The massive penetration of these infections has underscored the limitations of traditional anti-virus software and the need for new, complementary solutions. While there is no silver bullet against these latest threats, behaviour blocking represents a complementary technology with great potential to stave off these fast-spreading infections. Unfortunately, there is a great deal of confusion surrounding behaviour blocking and its capabilities and weaknesses. This paper will give a primer on behaviour blocking and propose several possible avenues of research that may yield fruitful results. Specifically, the paper will explore how pharmaceutical and biologically-inspired techniques can serve as a template in the design of the next generation of behaviour blocking systems. Such biologically-inspired systems may address many of the current issues with behaviour blocking and offer corporations a new tool in the fight against malicious mobile code.