
An article from Network World just caught my eye. Much like what I wrote last week about The death of the anti-virus software, New approaches to malware detection coming into view notes that the “traditional signature-based method of detecting viruses and other malware is increasingly seen as an insufficient defense given the rapid pace at which attackers are churning out virus and spyware variants”.

While it appears that the three security vendors that dominate the antivirus market today have no intention of abandoning signature-based defense, they indeed acknowledge that the argument is strong for augmenting the decades-long approach of signature-based scanning and detection.


Following are some excerpts and viewpoints pertaining to Symantec, Trend Micro and McAfee which piqued my interest.

Symantec

“Everyone agrees signature-based defense is not enough,” says Brian Foster, Symantec’s senior director for product management, who notes the security firm receives 200,000 submissions of potential malware each month. “The number of variants is increasing.”

In its next enterprise antivirus release planned for this summer, “Symantec will be including whitelisting technology for policy-based control of applications down to a software-component level,” says Foster. “The core of our strategy is, we will change the game.”

Trend Micro

Trend Micro’s director of Internet content security, Paul Moriarity, says the firm is looking beyond signature-based defense, which he says “has utility but some limitation.” He says Trend Micro is investing in technologies to determine malware based on patterns of traffic to desktops or servers.

McAfee

At McAfee, the focus remains on signature-based detection, augmented by host-based intrusion prevention. “I can understand why some would think signatures are dying,” says David Marcus, McAfee’s security research manager, adding, “but it does go back to someone not really understanding what a signature is. Some cleaning and repair can’t be done without them.”

Well, it looks like the anti-virus vendors are finally waking up and change is afoot, though it is clear that each of the top 3 AV vendors has a rather different outlook and strategy for dealing with the problem.

Conclusion

So which approach would be the best? Would it perhaps be a combination of the above philosophies instead? Only time, and maybe the ingenuity of the malware authors themselves, will be able to yield the answer.

3 Responses to “Major AV Vendors: Pure Signature-Based Approach Insufficient”

  1. […] blah.  Which is kind of pointless given that the trojan currently dodges anti-virus detection (see major AV vendors agree that a pure signature-based approach is insufficient) and “unpatched browsers” can just as well mean “no patch available yet” […]

  2. […] As an IT professional myself however, I cannot help but note the increasing use of custom - and questionable, applications that are offered as downloads. As I have mentioned previously in The Death Of The Anti-Virus Software, existing signature-based antivirus techniques are quickly being rendered obsolete. In fact, even the major AV vendors agree here - Major AV Vendors: Pure Signature-Based Approach Insufficient. […]

  3. […] And if you happen to have the source code for the tool, it becomes a very real possibility to tailor it to output a totally customized trojan that no standard anti-virus scanners on the market will be able to detect. (See my: Major AV Vendors: Pure Signature-Based Approach Insufficient). […]
