Saturday, February 23, 2008

what is behaviour blocking?

behaviour blocking is the process of monitoring the behaviour of software running on a system and stopping any behaviour that is considered unauthorized or bad...

in the distant past behaviour blockers blocked a relatively simple list of behaviours without regard for which program was performing them... in effect, they enforced simple behavioural blacklists... even with a simple list of behaviours there was no behaviour that was unique to malware so there were times when the behaviours being intercepted needed to be allowed to continue - leading behaviour blockers to continually ask the user whether this or that behaviour should be allowed...

over the years the concept has become much more sophisticated and configurable - monitoring more types of behaviours and allowing certain behaviours to go unchallenged when performed by programs that are authorized to perform them (in essence adding behavioural whitelisting to its repertoire) while blocking others automatically... this type of sophisticated behaviour blocker is now more widely referred to as an HIPS (though it's not the only thing referred to as such)...
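the two models described above, written as decision functions and run over the same event stream, show why the older one kept asking the user and the newer one mostly doesn't... this is an added example, not code from the original post or from any real product; the program names, behaviour names and rules are all constructed for the illustration...

```python
from collections import Counter

# behaviours the blocker intercepts (constructed names, not from a real product)
MONITORED = {"write_boot_sector", "modify_executable", "add_autorun_entry"}

# hips-style rules: (program, behaviour) -> verdict; "*" matches any program
# all entries are constructed for this example
RULES = {
    ("backup.exe", "write_boot_sector"): "allow",
    ("updater.exe", "modify_executable"): "allow",
    ("installer.exe", "add_autorun_entry"): "allow",
    ("*", "write_boot_sector"): "block",
}

def classic_blocker(event):
    """early model: behavioural blacklist only, blind to which program acts."""
    _program, behaviour = event
    return "ask_user" if behaviour in MONITORED else "allow"

def hips_blocker(event):
    """later model: per-program whitelist first, then automatic blocks;
    the user is asked only when no rule covers the event."""
    program, behaviour = event
    if behaviour not in MONITORED:
        return "allow"
    for key in ((program, behaviour), ("*", behaviour)):
        if key in RULES:
            return RULES[key]
    return "ask_user"

def tally(blocker, events):
    """count the verdicts a blocker produces for a list of events."""
    return Counter(blocker(e) for e in events)

# constructed event stream: (program, behaviour)
EVENTS = [
    ("backup.exe", "write_boot_sector"),
    ("updater.exe", "modify_executable"),
    ("notepad.exe", "read_file"),
    ("unknown.exe", "write_boot_sector"),
    ("unknown.exe", "modify_executable"),
    ("installer.exe", "add_autorun_entry"),
]

if __name__ == "__main__":
    print("classic:", dict(tally(classic_blocker, EVENTS)))
    print("hips:   ", dict(tally(hips_blocker, EVENTS)))
```

the specific rule for backup.exe is checked before the wildcard block, so the authorized program keeps working while every other program attempting the same behaviour is stopped without a prompt...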
