Microsoft to make its software 'behave'
By Ellen Messmer, Network World, 03/01/2004
SAN FRANCISCO - Microsoft's revelation last week that it is adopting a new approach to computer security dubbed "behavior blocking" represents a radical shift in the company's software design strategy that could pay off for attack-weary Windows users, industry watchers say.
Microsoft's embrace of behavior blocking - a technique for protecting applications and operating systems from worms and other
attacks by recognizing when computers aren't acting like themselves - was one of several security initiatives outlined by
the company and others at last week's RSA Conference. Behavior blocking, already available from Cisco, Network Associates and others, is seen as complementing signature-based
anti-virus tools.
Bill Gates, Microsoft's chairman and chief software architect, outlined the "active protection technology" effort during a keynote address.
"You can really think of this as taking the notion of secure-by-default to the next level," said Gates, who along with other
Microsoft executives has been talking tough about security for the past two years under an initiative called Trustworthy Computing.
"The system will truly know what actions are allowed for operating-system components and the applications that are running."
He described how it could help prevent the spread of worms that take advantage of unpatched vulnerabilities in Microsoft applications.
"For example, the Blaster worm caused the RPC service to open a back door and download some malicious code on the machine.
In this case, behavior blocking would recognize that this behavior is out of the ordinary for the RPC service and block it,"
he said.
Gates offered little detail about how or when the new technology would show up in products. But analysts say they expect the
technology, obtained in part through Microsoft's acquisition last year of start-up Pelican Security, will be in Windows client
and server software by year-end. Microsoft sources confirmed that is the goal.
Gartner analyst John Pescatore says Microsoft's effort to safeguard Windows networks via behavior blocking runs counter to
the company's traditional way of designing software, which "was always about making things easier for the user." That approach
has led to more than its fair share of holes.
"To Microsoft, it's been foreign culture to try and stop anything," he says.
The biggest challenge in behavior-blocking software is making sure it doesn't "keep good things from happening too," Pescatore
says.
Vendors that already offer behavior-blocking technology seemed unfazed by Gates' pronouncement.
Avert Research Security, a worm-watching group within Network Associates' McAfee division, last week announced it will begin
issuing alerts about new software vulnerabilities and will add filtering safeguards or updates to McAfee's Entercept behavior-blocking
product if necessary.
Microsoft's heightened interest in behavior blocking "validates these new methods are being required to solve the problems
of today's world," says Jeff Platon, security products manager at Cisco, which sells behavior-blocking software based on technology
obtained last year via its Okena acquisition.