Microsoft is currently alpha-testing its upcoming anti-virus product, according to industry sources.
The sources claim that the anti-virus software works as a behaviour blocker that monitors different events and actions on computers. If the event or action is typical of a virus or is harmful, it will be prevented.
Behaviour blockers do not use code signatures like traditional scanner-based anti-virus programs, so they may be able to protect against new types of viruses without being updated.
The anti-virus product was also referred to as an Intrusion Detection and Protection System by sources, indicating that it may work in conjunction with the Windows firewall.
According to the sources, an interesting feature of Microsoft's anti-virus software is that it is distributed: it communicates with other machines over a secure channel and learns from them.
Alpha-quality software usually does not have the complete list of features and may still have significant bugs.
Earlier press reports quoted Microsoft's technical head of security in France, Nicolas Mirail, who said the program will reference a regularly updated list of known viruses to check for infections. It will also analyse computers to see if they have been infected by viruses in the past, and attempt to advise users on how big a risk they face in the future.
In 2003, Microsoft bought Romanian anti-virus supplier GeCAD and Pelican Security Software, which makes behaviour blocking software. Technology from both companies will be incorporated in the new anti-virus product. The release date is not yet known.
Microsoft New Zealand's communications manager, Carol Leishman, confirmed that a product was in the works. "When we bought GeCAD last year, Microsoft said it would provide (anti-virus) services and engines," she said.
A Microsoft study revealed that about 63% of users either did not have anti-virus software installed, or did not keep installed software up to date. Hinting that behaviour blocking is indeed built into the new anti-virus product, Leishman said it will have "sandboxing that protects the system before infection".
Juha Saarinen writes for Computerworld