IEEE Anti-Malware Support Service (AMSS)
IEEE Anti-Malware Support Service (AMSS) is a set of shared support services, created through the collaborative efforts of many of the major players in the computer security industry. It enables the individual security companies and the industry as a whole to respond more effectively and efficiently to the rapidly mutating universe of contemporary malware threats.
AMSS currently consists of two main services: the Clean file Metadata eXchange (CMX), and the Taggant System.
CMX provides real-time access to information related to clean software files, even prior to the publication of the corresponding software. This can help reduce the number of false positives that anti-virus software produces when it searches more aggressively for malware.
There are two types of CMX users:
Providers: They provide the metadata at the time of final software application build, for publicly released software and for internal corporate applications.
- Requires an invitation, or an already existing Class 3 Digital Code Signing Certificate
- There is no fee for providers
Consumers: They retrieve the metadata, for use in security product backend systems or other processing.
The Taggant System places a cryptographically secure marker in the packed and obfuscated files created by commercial software distribution packaging programs (packers). Malware creators often abuse legitimate packers to create many difficult-to-detect variants of their malware. The Taggant System markers identify the specific packer user's license key that was used to create an instance of packed malware. That packer user can then be blacklisted, and all files created by that packer user will be reported as suspicious in the Taggant System.
There are two types of Taggant System users:
Software Packer Vendors (SPVs): They are the makers of commercial packing and obfuscation programs.
Software Security Vendors (SSVs): They provide security solutions, validate taggants and compare them to a blacklist of bad license keys. This requires licensing the use of the Taggant System IEEE Public Root Key and getting access to the blacklist.