VeriSign tech to unmask malware posing as software
Published: 14 Nov 2008 10:54 GMT
The technology that protects consumers from spoof websites could be unleashed as the next weapon in the fight against malware.
Security company VeriSign is looking at creating a system to certify that software is what it claims to be, rather than malware masquerading as a software upgrade, for instance.
The vision is for a system which will work similarly to VeriSign Extended Validation (EV) SSL, which turns web browsers' address bar green to verify that sites are genuine and not malicious.
The proposed system for authenticating software could flash up a symbol during the installation process, certifying that software was created by the organisation that it claims to have been created by.
The plans are being discussed by the Certification Authority Browser Forum, a voluntary organisation of certification authorities and vendors of internet-browser software, including Microsoft, that helped develop the EV SSL certificate system.
Competition
Win a Yoggie Gatekeeper Card Pro
Gatekeeper Card Pro is designed to protect laptops in and out of the office. Enter soon though, as the competition ends on 17 November
VeriSign would offer certificates to software makers that pass its screening and auditing criteria — in much the same way as it does for online organisations signing up for EV SSL certificates.
The operating system would hold a list of certificates issued to trustworthy software makers and check for the certificates within the software during installation.
A spokesman for VeriSign said: "We are looking to expand the SSL to other certificate types where we will know the identity of the author of a piece of software before you install it on the machine. The OS would control what it looks like."
Credit: Software EV SSL: The next weapon against malware? from silicon.com
Did you find this article useful?
2 out of 4 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
