Antivirus Firms Have Potential To Produce Single Signatures
As malware becomes increasingly sophisticated, the damage it does has also become more and more specific. Anti-virus companies are therefore designing equally sophisticated detection products in the hope of catching these infections before they do more harm.
In past years, malware attacks released viruses into the wild with the goal of infecting as many computers as possible. The attacks have since evolved to include trojans specifically designed to steal a particular company's database or an individual's private information. Malware writers are very clever at hiding their programs, which cause harm to users.
Of all the malware samples discovered, 35 percent had been collected in the last two years (2004-05) alone. Malware poses a serious threat to the performance of a computer. It operates invisibly behind the screen, silently changing data and settings, logging and transmitting information to other parties, or using someone's PC to meet illegal ends. On an unprotected system, therefore, it is hard to spot.
Speaking at the 'Gartner Symposium' in Sydney in January this year, Eric Quellet, a 'research vice president' in Gartner's 'security, risk and privacy group', said that attacks targeting specific PCs or networks are the most difficult to defend against. He added that companies like Symantec and McAfee will not create a signature for a single computer or a single person. And they are justified in not producing one for a single entity.
However, Rob Forsyth, managing director of AV firm 'Sophos' in the Asia-Pacific region, countered Quellet's argument about individual signatures by pointing out that Sophos has already designed unique signature files for one customer. Forsyth said that the company's "genotype" technology is capable of searching for unknown malware, which makes signatures 'less critical'.
According to Tom Chan, 'enterprise and partner services' manager in Asia-Pacific, security firm MessageLabs doesn't produce customized signatures, yet it applies intelligent tools to tackle unknown code. One of the processes involves sifting through a huge number of e-mails every week and using signatures to quickly spot known threats. Unknown code is fed into a 20GB database that analyzes the behavior of an application to determine the risk level.
» SPAMfighter News - 30-11-2006