IEEE Anti-Malware Support Service (AMSS)
IEEE Anti-Malware Support Service (AMSS) is a set of shared support services, created through the collaborative efforts of many of the major players in the computer security industry. It enables the individual security companies and the industry as a whole to respond more effectively and efficiently to the rapidly mutating universe of contemporary malware threats.
AMSS currently consists of two main services: the Clean file Metadata eXchange (CMX), and the Taggant System.
"We implemented Taggant blacklisting procedures and it proved to be a convenient and effective way to detect malware packed by commercial packers. As a result, we plan to use the Taggant System for clean files whitelisting.” - Alexander Liskin, Heuristic Detection Group Manager, Kaspersky Lab.
CMX provides real-time access to information related to clean software files, even prior to the publication of the corresponding software. This can help reduce the number of false positives detected by anti-virus software when more aggressively searching for malware.
The CMX system is live, fully operational, and being utilized. For example, Microsoft is posting all operating system related metadata from Windows XP through Windows 10. New public data being created by all metadata providers, including Microsoft is also being posted, enabling your company to gain access to relevant information about trusted clean software.
There are two types of CMX users:
Providers: They provide the metadata at the time of final software application build, for publicly released software and for internal corporate applications.
- Requires an invitation, or an already existing Class 3 Digital Code Signing Certificate
- There is no fee for providers
Consumers: They retrieve the metadata, for use in security product backend systems or other processing.
For more information download
The Taggant System places a cryptographically secure marker in the packed and obfuscated files created by commercial software distribution packaging programs (packers). Legitimate packers are often abused by malware creators to create many, difficult-to-detect variants of their malware. The Taggant System markers identify the specific packer user's license key, used to create an instance of packed malware. That packer user can then be blacklisted, and all files created by that packer user will be reported as suspicious in the Taggant System.
A new version, Taggant V2, was developed to address the need of applying taggants to different types of files. It also allows for adding a taggant after a file is created, as well as supporting multiple taggants on the same file. This functionality will be used by the Clean Software Alliance (CSA) to self-regulate the distribution of free and ad-supported software.
There are two types of users:
Software Packer Vendors (SPVs): They are the makers of commercial packing and obfuscation programs.
Security Software Vendors (SSVs): They provide security solutions, validate taggants and compare them to a blacklist of bad license keys. This requires licensing the use of the Taggant System IEEE Public Root Key and getting access to the blacklist.
For more information download
- Taggant System Operations
- Taggant System Guide for PKI Manager
- Taggant System Onboarding Document
- IEEE Software Taggant System