BLADE: Can it stop drive-by malware?

[Borg 386]

Read more on this development here

BLADE: Can it stop drive-by malware? | IT Security | TechRepublic.com

BLADE (BLock All Drive-by download Exploits), the brainchild of researchers from College of Computing at Georgia Institute of Technology and SRI International, is positioned to help stem the tide of drive-by malware. A big deal according to Dasient.com, the company is tracking over 200 thousand different web-based malware threats.

To spot unsolicited download attempts, BLADE places the following processes in kernel space,

• User-interaction tracking: BLADE uses a screen parser, hardware-event tracer, and a supervisor to track the user’s physical interactions with the web browser, specifically when download authorization is asked for.
• Consent correlation: This process is required by BLADE to distinguish between transparent downloads and those requiring user permission.
• Disk I/O redirection: When BLADE locates un-authorized downloads, it redirects the code to a secure zone. The data is also prevented from loading into memory as an executable.

According to the research paper, almost 19,000 trials have taken place, with zero false positives and zero false negatives. Meaning, BLADE prevented in-the-wild drive-by malware from installing in every case.

I did point out that BLADE will not solve every problem, but it has promise to be a good tool in our security arsenal. If you are interested, check back at the BLADE-Defender.org web site, as BLADE V1.0 (a free research prototype) will be available soon.

 

[hackerman1]

hi !

i already know about BLADE, it looks really interesting.

but thanks for posting, others might find the info useful.

 

[Jaxryley]

Apparently you can stop all exe downloads in IE and FF with a simple reg setting?
Wilders Security Forums - View Single Post - cleaned pc using an antivirus