ON THE day a new computer virus hits the internet there is little that antivirus software can do to stop it until security firms get round to writing and distributing a patch that recognises and kills the virus. Now engineers Simon Wiseman and Richard Oak at the defence technology company Qinetiq's security lab in Malvern, Worcestershire, UK, have come up with an answer to the problem.
Their idea, which they are patenting, is to intercept every file that could possibly hide a virus and add a string of computer code to it that will disable any virus it contains. Their system chiefly targets emailed attachments and adds the extra code to them as they pass through a mailserver. A key feature of the scheme is that no knowledge of the virus itself is needed, so it can deal with new, unrecognised "zero day" viruses as well as older ones.
Many mailservers already block attachments that will run as executable programs - such as PC files with a .exe suffix - in case they are viruses. But virus writers have tricks up their sleeve to get round this. For example, they can disguise files as an innocent Microsoft Word (.doc) or Adobe Acrobat (.pdf) file, and then fool unsuspecting users into converting them into an "executable" program file that will run on their computer.
Qinetiq aims to prevent this by inserting a line of machine code - the raw code that microprocessor chips understand - into the header area of incoming files. This is the part of the file that holds the formatting data that defines such aspects as a document's layout and fonts.NewScientist
Everything that irritates us about others can lead us to an understanding of ourselves. -- Carl Jung
eVGA X58 tri-SLI, i7 930 @ 3.8GHz., Corsair 6GB Dominator, Inno3D GTX470, eVGA260
ASUS P8P67 Pro, i7 2600K @4.60 GHz, 8GB RAM, eVGA GTX 460