Symantec-Veritas Merger Improves Anti-Malware
Radical improvements in anti-malware detection isn't going to come from marginal tweaks to existing algorithms and techniques. We need fundamental changes. The Symantec Veritas merger is showing how this can be done. By combining disk scanning techniques that can bypass the operating system, Symantec's Raw Disk Scan can detect rootkits and spyware that would be hidden within an operating system scan.
This is just the start.
ComputerWorld reports in Symantec pitches rootkit tech as Veritas validation that:
The Veritas software used in the application allows the technology to directly read sector data from device hard drives and then reconstruct the files for malware scanning without ever needing to access a machine's operating system.
and it's working,
"Independent firms doing benchmarking have shown that Raw Disk Scan has improved Symantec's ability to detect rootkits," said Andrew Jaquith, an analyst with Yankee Group
This is the kind of fundamental shift in tactics that is needed to catch up with the malware developers. They have the upper hand these days but they are vulnerable. For example, new anti-spam and phishing techniques are making inroads in to controlling email pollution.
Of course, none of these new approaches will do any good if devices aren't running the anti-malware software. I've argued earlier that good management is good security. Symantec purchased Altiris, the IT management software vendor, because, like Veritas, it complements Symantec's core compentancies. We need more of this.
Taking on the bad guys head on isn't enough, sometimes security requires more than security vendors are (traditionally) selling.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
