Anti-virus Remains Important

Anti-virus software remains important as preventative measure, in spite of the reports that newly-released threats are undetected by anti-virus products. Anti-virus also functions as a detective measure, notifying you that a breach has occurred … if you attend to the notifications.

Use the information gleaned from these detective measures to shore up your preventative measures. Typically, this means blacklist (URL filter) destinations on the web or uninstall software that opens security holes.

I was asked “what’s new in virus threats?” Not much, really. That’s what’s interesting. The same old approaches keep working. What does it take to reverse this trend?

To reverse this trend, make it more difficult to make money from new threats. A a rule, these new threats are not very new; they are slight variants of earlier threats, created to avoid detection by anti-virus software (often with packers and cryptors). Eventually, someone recognizes the new variant, submits it to one or more anti-virus vendors, and anti-virus vendors add detection for the new variant. Meanwhile, malware developers work on tweaking the same old threat to produce a new signature and evade anti-virus protection.

To make this malware development less profitable, the “time to detection,” the interval between introduction of a new variant and detection by anti-virus software, must be reduced. There is some hope that research into improved code analysis, not just signatures, can reduce the effective life of these variants. An efficient code analysis technique, one which does not significantly degree performance, would be required. A system which performs in-depth code analysis at the cost of delayed response would have limited user acceptance.

Meanwhile, we should do our part to collect the new malware variants and place them in the hands of anti-virus vendors. How many organizations willing to discover malware would it take to make malware development less attractive? Twenty? Forty?

We cannot treat this expense as someone else’s problem. When few organizations work on this issue, it is everyone’s problem.

See also:

Modern Malware Exposed, a blog from the threat researchers at Fireye.

Enterprise antivirus protection: Is signature AV worth the money?

IBM X-Force Threat Reports

Kaspersky Security Bulletin 2012

 

This entry was posted on Monday, May 31st, 2010 at 1:53 PM and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

One Response to Anti-virus Remains Important

  1. Is Anti-virus Reactive? « Aggressive Virus Defense says:
    December 26, 2010 at 5:28 PM

    […] See also: Can You Clean a Virus?, Basic Virus Defense, Is Anti-Virus Dead?, The Anti-Virus Guy, Anti-Virus Remains Important […]