Microsoft has launched Project Freta, a new malware detection service aimed at Linux systems.
Named Project Freta (after the street where x-ray pioneer Marie Curie lived in Poland) the free service provides a means to scan the memory of Linux systems in order to detect malware. Rather than install agents or scanning code onto the target system, instead system admins submit a memory snapshot of the server to the Freta portal and receive a report of its contents. The idea behind this approach is to sidestep the existing arms race between malware writers and security scanners.
Just as malware can be detected by scanning software – the malware can detect the presence of the security software and take steps to hide itself. By performing the scanning off system against a static memory dump, the malware is not aware that the scanning is taking place.
At launch Project Freta supports 4,000 different Linux kernels and Windows support is planned for the future.
The aim of Project Freta is to infer the existence of Malware from evidence in the system memory rather than looking for signatures or code like more traditional malware scanners.