New approaches to malware detection coming into view - Network World

Skip Links

DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Security

Videos

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library.  Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Audio

Crackin' the Kraken bot. Listen now!

Network World's Newsmaker of the Week

Wireless dangers at airports. Listen now!

Network World Panorama

Additional Resources

RSS

FEATURED WHITEPAPERS

Core PCI Requirements for Windows and Active Directory NetPro

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry regulations imposed by the major credit card companies to ensure the safety, security, and integrity of cardholder data. Any business that processes, stores, and transmits cardholder account data must comply with this complex new standard, and must be able to demonstrate that compliance through automated and manual audits of their systems. This white paper looks at the key challenges and requirements of PCI DSS as it relates to Microsoft Windows and Active Directory, and shows you how a third-party software solution can help with PCI compliance.

RSS

FEATURED REPORTS

Executive Guide: Storage Heats Up HP

Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.

RSS

FEATURED WEBCASTS

Reduce Complexity and Cost - Windows Server Consolidation with Virtualization from Novell Novell

There are many compelling reasons for virtualizing Windows and Linux applications. Virtualization improves server utilization by allowing you to run multiple workloads on a single physical server. It reduces the number of physical servers you have to maintain, while allowing you to use less physical space and power while still improving scalability. All of these capabilities translate directly into lower costs, less complexity, and greater flexibility in your mixed IT environment. Register below to learn more and be entered to win an Archos 605 Portable Media Player.

IT Buyer's Guides

View All Buyer's Guides

Free Newsletters

Sign up and receive the latest news, reviews and trends on your favorite technology topics

Save The Date!
What They Are Saying

Enterasys Sentinel is now known as Enterasys NAC - see http://www.enterasys.com/products/advanced-security-apps/enterasys-network-access.aspx...- Anonymous

Join the Discussion

Where you need it, When you need it. Network World's iDemand platform delivers the information you need right to your desktop.

New approaches to malware detection coming into view

McAfee, Symantec, Trend Micro and start-ups share their plans
By Ellen Messmer , Network World , 04/25/2007
  • Social Web 
  • Email 
  • Feedback 
  • Close

The traditional signature-based method to detect viruses and other malware is increasingly seen as an insufficient defense given the rapid pace at which attackers are churning out virus and spyware variants. All of which raises the question: What’s next?

The three security vendors that dominate the antivirus market today, McAfee, Symantec and Trend Micro, say they have no intention of abandoning signature-based defense, which calls for identifying a specific malware sample to create a matching signature in order to detect and eradicate it. However, the big three vendors acknowledge there’s a need to augment this decades-old methodology, and some of the new techniques they’re devising will be unveiled as products this year.

“Everyone agrees signature-based defense is not enough,” says Brian Foster, Symantec’s senior director for product management, who notes the security firm receives 200,000 submissions of potential malware each month. “The number of variants is increasing.”

To augment signature-based detection in its next enterprise antivirus release planned for this summer, Symantec will include whitelisting technology for policy-based control of applications down to a software-component level, says Foster. This future-looking malware protection from Symantec will also make use of behavior blocking that promises to be able to stop at least some malware from executing, holding it “in a frozen state on that machine,” says Foster. “The core of our strategy is, we will change the game.”

 

Security startups to watch

In the meantime, some brash start-ups say they realized years back the malware-defense game had changed -- and they’re now elbowing their way in by playing it differently.

One is SignaCert, launched earlier this year to market enterprise desktop and server software that can be used to create a white list that only allows specified applications and files to work.

“We’ve definitely reached a point of diminishing returns with traditional signatures,” says SignaCert chair and CEO Wyatt Starnes.

1 | 2 | 3 | 4 |  Next >
Comments (2)
Login
Forgot your account info?

you are missing a lot....By Mohit on April 27, 2007, 6:04 pmI wrote about new approaches to malware detection/prevention which are being called "Host based IPS" on my blog: http://securetheworld.blogspot.com/2007/04/what-is-host-ips.html However,...

Reply | Read entire comment

New approaches to malware detection coming into viewBy Anonymous on April 27, 2007, 1:24 pmReversers know that this still won't be effective for small business or home user environments which are most vulnerable--especially those without the money to buy...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.
First Name
Last Name
E-mail
Zip Code