Gauteng Business News

17 Sep 2014

INFOTECH: The Changing Role Of Malware Detection Technology



Today malware detection as implemented by what some still refer to as the anti-virus industry has three main components, and although each component has been regarded as its ‘primary’ function by different commentators at different times, all three still have a part to play in a modern anti-malware product, says Carey van Vlaanderen, CEO of ESET Southern Africa.

Proactive detection and blocking

The holy grail of security software is protection in the form of proactive blocking through a range of heuristic, reputational and generic countermeasures.

In other words, stop badware (and other forms of attack) gaining a foothold on a protected system in the first place.

Detection of known malware

First there were viruses (in the broad sense of self-replicating malware in many guises). And yes, there were trojans too, but in smaller quantities, except in the limited sense in which viruses can also be described as trojans – or at any rate, virus-infected code can be described as trojanised. As the balance between self-replicating and non-replicating malware slowly shifted, detection technology also changed, from exact identification to near-exact, to passive heuristics, to active heuristics and sandboxing, to reputational analysis and so on. Unfortunately, malware technology also evolved in ways that reduced the effectiveness of these enhancements. Nonetheless, a high proportion of threats and threat variants continue to be detected either specifically or using more generic detections.


Remediation where something is detected after it has gained a foothold (that is, infected and made some undesirable modification to the system).

As the glut problem began to bite and detection by static signature declined in effectiveness, infection became more sophisticated and harder to reverse, and remediation needed more attention, though we have rarely agreed with those who have said that once you are infected, there is nothing to do but re-image. Then things began to change with heuristics, behaviour analysis, reputation and the rest. Anti-malware is achieved through reputation, behaviour and advanced heuristics, while signatures are primarily used for remediation where proactive methods have failed.

Look for a combination of solutions that give you the best coverage at a price you can afford. This applies to home users as well: the right free antivirus is a lot better than no protection, but the relatively low outlay for a component security suite is well worth it for the extra layers of protection.

