Sophos Claims Inventing Foolproof Malware Scanner Using Behavioral Genotype Protection

By Angsuman Chakraborty, Gaea News Network
Wednesday, October 4, 2006

Sophos has launched a host intrusion detection technology which it claims can spot any malware before it has a chance to execute anywhere on the network. It is integrated into the company’s anti-virus scanning engine.

HIPS uses “behavioural genotype protection” to analyse executable code at the network gateway, or before it runs on a server or client PC.

According to Sophos senior product manager John Shaw, the system used a complex form of heuristics. Instead of simply looking at one aspect of a suspect file for signs of malware, the new technology was able to grasp multiple elements of a file’s intention and design to discern infection.

In simple terms, that means it looks for a set of patterns in the code and uses some kind of expert system or neural network / GA / GP techniques to detect malware. They claim to have trained against terabytes of data.

Sophos claims that it detects and stops unknown malware, eliminates false positives, and does so without needing major software upgrades – all things traditional host systems have struggled with. It can filter malware before computers get infected.

I find its “Foolproof” claim rather hard to believe.
