Kaspersky Lab has successfully patented yet another piece of security technology. This time it is a new heuristic analysis technology that assigns security ratings to software based entirely on behaviour patterns observed during emulation. Is this something to get excited about? Well, yes, if you look beyond the marketing spin and focus on what Kaspersky is actually doing here. The point is that existing methods offer no 100 percent guarantee that new malicious programs will be detected. It is a typical chicken-and-egg situation: detecting and blocking potential new threats requires new technologies to be incorporated into the security solution.
Kaspersky Lab reckons the new heuristic analysis method, which was developed by Nikolay Grebennikov, Oleg Zaitsev, Alexey Monastyrsky and Mikhail Pavlyushik and is based on a system of rules, can accurately assign a security rating to different processes. Using a constantly expanding system of rules, and ensuring that the operations most commonly used by malicious programs are properly indicated (access to different parts of the registry, access to the Internet, etc.), the technology expresses each such operation as a percentage that reflects a potential security risk level. When an operation is actually executed, the cumulative potential security rating of the process increases, and as the rating grows, different access restrictions to certain resources are introduced. Hostile activity by malicious programs can therefore be prevented at the outset by blocking access to the resources they need to carry out that activity in the first place.
Kaspersky reckons that the new security rating methodology can increase the effectiveness of protection as well as increasing user-friendliness.
"Kaspersky Lab’s patented Security Rating technology is designed to automatically generate sets of rules for unknown applications," says Nadia Kashchenko, Chief Intellectual Property Counsel, Kaspersky Lab. "This technology is crucial for ensuring the transparency of antivirus solutions and for minimizing the need for product configuration by users."
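
The cumulative rating mechanism described above, sketched as an added example that is not Kaspersky's code or the patented method. The operation names, rule percentages, restriction thresholds and the formula used to combine individual risks are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed rule set (assumed values): operation -> risk contribution in percent.
RULES = {
    "registry.write_autorun": 30,
    "net.connect": 15,
    "process.inject": 45,
    "file.write_system_dir": 25,
    "file.read_user_doc": 2,
}

# Constructed tiers (assumed): at or above the threshold, these operations are denied.
TIERS = [
    (40, {"process.inject", "file.write_system_dir"}),
    (60, {"net.connect", "registry.write_autorun"}),
]

@dataclass
class ProcessRating:
    name: str
    rating: float = 0.0                      # cumulative rating, 0..100
    log: list = field(default_factory=list)  # (operation, decision, rating)

    def denied_ops(self):
        """Operations blocked at the current rating (restrictions accumulate)."""
        denied = set()
        for threshold, ops in TIERS:
            if self.rating >= threshold:
                denied |= ops
        return denied

    def request(self, op):
        """Decide on one operation; only an operation that executes raises the rating."""
        if op in self.denied_ops():
            self.log.append((op, "DENY", round(self.rating, 1)))
            return False
        risk = RULES.get(op, 0)  # operations without a rule contribute nothing
        # Assumed combination: each operation consumes a share of the remaining
        # headroom, so the rating rises monotonically and saturates below 100.
        self.rating += (100 - self.rating) * risk / 100
        self.log.append((op, "ALLOW", round(self.rating, 1)))
        return True

def replay(name, ops):
    """Feed a recorded (e.g. emulated) operation trace through the rating engine."""
    proc = ProcessRating(name)
    return proc, [proc.request(op) for op in ops]

if __name__ == "__main__":
    trace = ["file.read_user_doc", "registry.write_autorun", "net.connect",
             "process.inject", "net.connect"]  # constructed sample trace
    for entry in replay("unknown.exe", trace)[0].log:
        print(entry)
```

In this sketch a denied operation leaves the rating unchanged, since the text ties the increase to the operation actually being executed.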