INFOTECH: The Changing Role Of Malware Detection Technology
Gauteng Business News
Proactive detection and blocking
The holy grail of security software is protection in the form of proactive blocking through a range of heuristic, reputational and generic countermeasures.
In other words, stop badware (and other forms of attack) from gaining a foothold on a protected system in the first place.
Detection of known malware
First there were viruses (in the broad sense of self-replicating malware in many guises). And yes, there were trojans too, but in smaller quantities, except in the limited sense in which viruses can also be described as trojans – or at any rate, virus-infected code can be described as trojanised. As the balance between self-replicating and non-replicating malware slowly shifted, detection technology also changed, from exact identification to near-exact, to passive heuristics, to active heuristics and sandboxing, to reputational analysis and so on. Unfortunately, malware technology also evolved in ways that reduced the effectiveness of these enhancements. Nonetheless, a high proportion of threats and threat variants continue to be detected either specifically or using more generic detections.
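To make the progression described above concrete, here is an added example (not code from the article or from any product it describes) that puts three static detection layers side by side: exact identification by whole-file hash, near-exact identification by a byte pattern with wildcards, and a passive heuristic that scores static features such as entropy and suspicious strings. The four samples, the signature names and the heuristic thresholds are all constructed for illustration; none of it is real malware or a real vendor signature.

```python
"""Static detection layers side by side: exact (whole-file hash), near-exact
(byte pattern with wildcards) and passive heuristic (static feature scoring).
Added example with constructed samples; nothing here is real malware."""
import hashlib
import math
import re

# ---- constructed samples (made up for illustration; not real files) --------
HEADER = b"MZ\x90\x00" + b"\x00" * 12            # stand-in for a DOS/PE header
CODE = b"\x55\x89\xe5\xe8\x12\x34\x56\x78\xc3"    # push ebp; mov ebp,esp; call rel32; ret
PAYLOAD = b"cmd.exe /c del /q C:\\*.*\x00"       # the "malicious" string the sample carries
BODY_LEN = 1024


def build_body(code: bytes, payload: bytes) -> bytes:
    """Code followed by its data, zero-padded to a fixed size."""
    body = code + payload
    return body + b"\x00" * (BODY_LEN - len(body))


KNOWN = HEADER + build_body(CODE, PAYLOAD)
# Same program with the call target patched: a single byte differs from KNOWN.
VARIANT = HEADER + build_body(CODE.replace(b"\x34\x56", b"\x99\x56"), PAYLOAD)
# "Packed" variant: the body is encrypted with a pseudo-random keystream and
# preceded by a small decoder stub, which is what a packer does to defeat
# byte patterns. The keystream is derived from SHA-256 purely to be deterministic.
KEYSTREAM = b"".join(hashlib.sha256(b"key%d" % i).digest() for i in range(BODY_LEN // 32))
STUB = b"\x60\xe8\x00\x00\x00\x00\x5d"            # pushad; call $+5; pop ebp
PACKED = HEADER + STUB + bytes(a ^ b for a, b in zip(KNOWN[len(HEADER):], KEYSTREAM))
# Harmless program: different code, an innocuous string, low entropy.
BENIGN = HEADER + build_body(b"\x55\x89\xe5\x31\xc0\xc3",
                             b"Hello, world! This program prints a greeting.\x00")

# ---- layer 1: exact identification (hash of the whole file) ----------------
KNOWN_HASHES = {hashlib.sha256(KNOWN).hexdigest(): "Trojan.Constructed.A"}  # hypothetical name


def exact_match(sample: bytes):
    """Returns the detection name only for a byte-for-byte identical file."""
    return KNOWN_HASHES.get(hashlib.sha256(sample).hexdigest())


# ---- layer 2: near-exact identification (byte pattern with wildcards) ------
def compile_signature(pattern: str) -> re.Pattern:
    """Turn an AV-style hex pattern such as '55 89 E5 E8 ?? ?? ?? ?? C3' into a
    bytes regex; '??' is a one-byte wildcard. DOTALL lets '.' match 0x0A too."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


# Prologue, a call whose target is wildcarded, ret, then the bytes of "cmd.exe".
SIGNATURES = {"Trojan.Constructed.A!gen":  # hypothetical generic name
              compile_signature("55 89 E5 E8 ?? ?? ?? ?? C3 63 6D 64 2E 65 78 65")}


def pattern_match(sample: bytes):
    """Returns the first signature name whose pattern occurs anywhere in the file."""
    for name, sig in SIGNATURES.items():
        if sig.search(sample):
            return name
    return None


# ---- layer 3: passive heuristics (static feature scoring) ------------------
def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; random-looking data approaches 8."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


HEURISTIC_THRESHOLD = 2   # chosen for this example, not a real product setting


def heuristic_score(sample: bytes) -> int:
    """Adds up weak indicators; any one alone is not enough to convict."""
    score = 0
    if entropy(sample) > 7.0:                          # packed or encrypted body
        score += 2
    if b"cmd.exe /c" in sample:                        # spawns a command shell
        score += 1
    if b"del /q" in sample or b"\\*.*" in sample:      # destructive wildcard delete
        score += 1
    return score


def scan(sample: bytes) -> dict:
    """Which layer(s) would flag this file."""
    return {"exact": exact_match(sample) is not None,
            "near_exact": pattern_match(sample) is not None,
            "heuristic": heuristic_score(sample) >= HEURISTIC_THRESHOLD}


if __name__ == "__main__":
    for label, sample in [("known", KNOWN), ("variant", VARIANT),
                          ("packed", PACKED), ("benign", BENIGN)]:
        print(f"{label:8s} {scan(sample)}")
```

Run stand-alone, the table it prints shows the pattern the paragraph describes: the hash catches only the original, the wildcard pattern also catches the one-byte variant but not the packed copy, and only the heuristic flags the packed copy, at the price of relying on indirect evidence (entropy plus suspicious strings) rather than identification. The same trade-off is why real engines stack these layers rather than replacing one with the next.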
Remediation after a foothold has been gained
Remediation is what happens when something is detected only after it has gained a foothold, that is, after it has infected the system and made some undesirable modification to it. As the glut problem (the sheer volume of new samples and variants) began to bite and detection by static signature declined in effectiveness, infections became more sophisticated and harder to reverse, and remediation needed more attention, though we have rarely agreed with those who say that once you are infected there is nothing to do but re-image. Then things began to change with heuristics, behaviour analysis, reputation and the rest. Today anti-malware protection is achieved mainly through reputation, behaviour analysis and advanced heuristics, while signatures are used primarily for remediation where those proactive methods have failed.
Look for a combination of solutions that gives you the best coverage at a price you can afford. This applies to home users as well: the right free antivirus is a lot better than no protection, but the relatively low outlay for a complete security suite is well worth it for the extra layers of protection.