Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

The true measure of a security tool’s usefulness is often whether it runs on a wide range of systems without interfering with other software, Hansen said.

“This may work fine when you have it in the lab, but it’s another thing when you try to deploy something like this on peoples’ computers,” Hansen said. “In fact, I could see something like this easily breaking the functionality of some leigitimate software applications.”

Indeed, legitimate programs designed to automatically download security updates could encounter problems with a program like BLADE, said Eric Howes, director of research services at Sunbelt Software, a security company based in Clearwater, FL. “I would be especially concerned about potential false positives on other applications that perform background [software] updates or download stuff in the background.”

BLADE certainly can’t stop all Web-based malicious software, either, Porras admits. It cannot, for example, stop social engineering attacks, in which a user is tricked or bullied into installing a malicious program. The “Koobface” worm, for example, spreads on social networking sites such as Facebook and prompts recipients to download a video player plug-in in order to view a picture or movie supposedly sent by a friend. BLADE would do nothing to block such attacks because they ultimately prompt the user to install the bogus plug-in, which is in fact malicious software that gives attackers complete control over the victim’s PC.

BLADE also is useless against threats that reside completely inside of a computer’s temporary memory space, as the tool is designed to block malware that tries to write to the computer’s hard drive. While most malware is written to the hard drive, there are some advanced threats that live only in memory.

6 comments. Share your thoughts »

Tagged: Computing, security, malware, malicious code, SRI International

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me