Startup pitches smarter AV

With a name like Robot Genius you wouldn't expect the company's leaders to be modest, but the more you hear the firm's Chairman Stephen Hsu talk about his startup's new approach to anti-malware, the more you believe the name might fit.

On April 30, the company founded by Hsu and James Hormuzdiar-- a partnership best known for building SSL VPN provider SafeWeb and selling it to Symantec for $26 million in 2003 -- will formally introduce a trio of behavior-based security products.

By taking a radically different approach to scanning the Web for malware code and using massive computing power to filter out every URL on the Internet responsible for serving up infections, Robot Genius' technologies will change the way people view anti-virus tools, Hsu said.

"We're entering an era where the scalability and bandwidth of machines allows for constant monitoring for malware by looking at the entire Web and studying every piece of downloadable software that's available," said Hsu. "Meanwhile, the current generation of virus-scanning applications, even behavior-based tools, has reached its limits in terms of finding the most sophisticated attacks, and lacks the ability to adequately fix problems once they're found."

There are only a small number of sites that offer immediate "drive-by" style infections online today, according to Hsu, with the majority of attacks still dependent on user-driven executable downloads. By choking off the malware sources themselves, the vast majority of viruses can be defeated, he said.

By marketing the tools to firewall makers, search engine companies, and Internet service providers, rather than customers themselves, the firm contends it can stop attacks long before they end up on people's desktops and create a lucrative technology licensing business.

At the core of Robot Genius' technology portfolio is its Web crawling technology, dubbed RGCrawler, which has been designed as an automated system for identifying online executables and testing them for malicious behavior. With no human intervention, the system claims the ability to find, download, and test every .exe file online and create a blacklist of suspicious programs.

By scouring each of the estimated 3 million executable file paths on the Web and scanning new programs almost as soon as they appear, Hsu claims, the system is far superior to its rivals, especially in terms of identifying zero day threats.

Based on the company's research thus far, roughly 5 percent of all downloadable on the Web are some form of unwanted software, including attacks and unlawful adware.

Through locating the exact sources of threats, versus infected Web sites simply used as shills for distributing the malware code, the inventor claims that the system outflanks increasingly popular reputation-based URL filtering technologies such as McAfee's SiteAdvisor. RGcrawler also looks at executables individual characteristics, such as their uninstaller functionality, to determine whether or not something is a threat.