We all know and love to hate signature-based blocking of malware, but there are lots of other ways to tackle the problem of viruses, worms, and Trojans. Cisco Security Agent and Sana Security use a learning process and then block system calls that are outside the norm. GreenBorder uses a sandbox approach. Websense uses a combination of whitelist and blacklist. eEye uses "methods". Determina uses a "memory firewall". A new one to me is Savant Protection. From my interview with Savant's founder and CEO, Ken Steinberg, I learned of their CPU scheduling firewall. The theory is that every executable must request cycles on the CPU, so a shim between the scheduler and the kernel can enforce a policy about what gets to run and what gets blocked.
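To make the scheduling-firewall idea concrete, here is a small model added for this post (it is not Savant's code and makes no claim about how their product keys its policy). It simulates a dispatcher that consults a policy hook before giving any process its CPU slice, and contrasts two policies over the same constructed run queue: a default-deny allowlist keyed by the SHA-256 of the executable image (an assumption for illustration) and a signature blocklist of known-bad hashes. The point it shows is why the allowlist stance matters: a never-seen worm variant, or an allowed binary that has been tampered with, gets no cycles under the allowlist, while the blocklist waves both through because it has no signature for them.

```python
"""Toy model of a CPU-scheduling execution-control shim (illustrative only)."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Process:
    pid: int
    name: str          # name the process presents; not trusted by the policy
    image: bytes       # constructed stand-in for the executable image


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class AllowlistPolicy:
    """Default deny: only images whose hash is pre-approved may run."""
    allowed: set
    log: list = field(default_factory=list)

    def permits(self, proc: Process) -> bool:
        digest = sha256(proc.image)
        ok = digest in self.allowed
        self.log.append(f"pid={proc.pid} {proc.name} {digest[:12]} {'RUN' if ok else 'BLOCK'}")
        return ok


@dataclass
class BlocklistPolicy:
    """Signature style: anything not on the known-bad list may run."""
    known_bad: set
    log: list = field(default_factory=list)

    def permits(self, proc: Process) -> bool:
        digest = sha256(proc.image)
        ok = digest not in self.known_bad
        self.log.append(f"pid={proc.pid} {proc.name} {digest[:12]} {'RUN' if ok else 'BLOCK'}")
        return ok


def dispatch(run_queue, policy):
    """One round-robin pass: the shim decides at every dispatch, not just at exec."""
    ran, blocked = [], []
    for proc in run_queue:
        (ran if policy.permits(proc) else blocked).append(proc.pid)
    return ran, blocked


# Constructed executable images; the bytes are placeholders, not real binaries.
IMAGE_EDITOR = b"MZ\x90\x00editor-v1"
IMAGE_DAEMON = b"MZ\x90\x00update-daemon-v2"
IMAGE_WORM_OLD = b"MZ\x90\x00worm-variant-a"   # the one the blocklist knows
IMAGE_WORM_NEW = b"MZ\x90\x00worm-variant-b"   # a variant nobody has a signature for


def sample_queue():
    return [
        Process(100, "editor", IMAGE_EDITOR),
        Process(101, "updated", IMAGE_DAEMON),
        Process(102, "svchost", IMAGE_WORM_NEW),            # new variant posing as a system name
        Process(103, "editor", IMAGE_EDITOR + b"patched"),  # approved binary, tampered on disk
    ]


def compare_policies():
    """Run the same queue under both policies and return their verdicts."""
    procs = sample_queue()
    allowlist = AllowlistPolicy({sha256(IMAGE_EDITOR), sha256(IMAGE_DAEMON)})
    blocklist = BlocklistPolicy({sha256(IMAGE_WORM_OLD)})
    return {
        "allowlist": dispatch(procs, allowlist),
        "blocklist": dispatch(procs, blocklist),
        "allowlist_log": allowlist.log,
    }


if __name__ == "__main__":
    result = compare_policies()
    print("allowlist ran/blocked:", result["allowlist"])
    print("blocklist ran/blocked:", result["blocklist"])
    print("\n".join(result["allowlist_log"]))
```

The model deliberately re-checks at every dispatch rather than only when the process is created; that is what a hook sitting between the scheduler and the kernel can do that an exec-time check cannot, and it is why a running process whose image has been modified still ends up starved of cycles under the allowlist.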
Listen to the podcast here. Ken has a great "radio presence".
Theme music for IT-Harvest ThreatCasts used with the permission of Hyperion Records