A new category of antimalware tools has emerged, neither gateway tool nor desktop cleaner. This approach manipulates executable file permissions to actively allow, deny or limit the running of any computer program.
Instead of trying to recognize malware, this approach uses whitelists, blacklists and policies to set Windows permissions for executables, and those permissions apply even when the user is logged in as an administrator. SecureWave's Sanctuary, Green Border Technologies' GreenBorder Pro, Savant Protection and Winternals Software's Protection Manager are some products in this category.
For example, Protection Manager (starts at $25 per managed computer) uses Windows privilege levels to deny the running of an unknown application, run a known application with reduced privileges, or allow an application full access to files and directories, including operating system directories. Running a program at a lower privilege level denies it access to, for instance, Windows system directories and files.
This lets you give Microsoft Word free access to all directories except system directories. Beyond whitelists, Protection Manager works "on demand" to let users dynamically adjust an application's privileges, or (if desired) stop an application.
When a user unwittingly clicks on a Web page link that downloads malware on a machine protected by the software, Protection Manager intercepts the launch of the malware and prevents it from running. Protection Manager features can be managed from a central location, and it integrates with Active Directory to let administrators easily protect whole groups of users in one fell swoop.
Microsoft was so impressed with Protection Manager that it bought the Winternals Software company.
Read more about security in Network World's Security section.