Saturday, June 24, 2017
New service for mitigating false positives

A team of security researchers put forth the idea of software packers (used to obfuscate and protect the code within an executable) that incorporate a licence key in the packer, so that anti-malware solutions could distinguish legitimate from malicious use and, if required, blacklist those keys utilized by malware authors.

The security experts, Symantec’s Mark Kennedy and McAfee’s Igor Muttik, talked about the “software taggant system” at VB2011 and VB2012, and about “clean file metadata exchange” at VB2013.

These techniques would assist anti-malware solutions and help them avoid blocking the files as false positives.

Their work, in addition to that of others within the IEEE, has resulted in the IEEE Anti-Malware Support Service, which allows program developers to send file metadata and packer certificates and lets security companies acquire this data (for a small fee). Additional information is available on the service’s page at the IEEE’s official site.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.