Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Microsoft and Google Desktop/Web Integration Offer Too Little, Bring Too Many Risks | Main | Blocking New Kinds of Spam: Check Content not File Types »

Malware 2.0 - Avoiding Detection

Malware developers are trying to avoid detection by overwhelming the AV system making it nearly impossible to keep up with the volume according to 'Malware 2.0' raises its ugly head

PC Tools said that malware variants are now released at "immense rates", driving up sample volumes and making it almost impossible for researchers to keep on top of updates using manual analysis.
These threats are taking advantage of the non-detection sweet spot where they can freely propagate and infect before anti-malware companies can respond.

The same article quotes Fran Howarth, of Hurwitz and Associates who says:

Signature-based detection is dead, be it for antivirus, intrusion detection or any other security measures

It's a pretty harsh assessment. It true, our options include:


1. Using data mining techniques to automatically detect patterns indicative of malware, either in static code or in behavior

2. Improve behavior-based detection techniques; but malware writers are already developing techniques to avoid that kind of detection.

3. Use application white lists, in spite of their limitations.


#3 can be implemented in the short term but isn't likely a long term solution.

#1 sounds good in theory but malware writers could move to obfuscation techniques that mask the patterns that are detected.

#2 is basically saying do what we do but do it better.

On second thought, maybe the short term solution is the long term solution.

Tags:                  
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on July 20, 2007 8:44 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/359

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net