Network World
The evolution of antivirus software

By Chirantan Desai, Network World, 10/25/2007
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Reports about the death of traditional signature-based antivirus software are premature. As the threat landscape evolves, so too must antivirus software to provide both signature- and behavioral-based protection. Effective endpoint security must also incorporate technologies such as endpoint firewall, host intrusion prevention and network access control.

Until recently, attackers were in it for the fame and notoriety of hacking a corporate network. Financial gain was rarely the motivation. This has changed, and corporate networks have never been at so much risk. Attacks are increasingly silent and insidious, targeting sensitive and confidential business data.

Twice a year Symantec releases its Internet Security Threat Report (ISTR), a vendor- and product-neutral examination of the current Internet threat environment. ISTR Vol. XII, released in September 2007, covers the period from Jan. 1 to June 30, 2007. It shows a dramatic increase in instances of data theft, data leakage and the creation of targeted, malicious code for the purpose of stealing confidential information for financial gain.

As attackers have become increasingly financially motivated, they have optimized the capabilities of a broad spectrum of attack methods. MPack is a notable example that emerged in the first half of 2007. This commercially available black-market attack tool kit incorporates malicious code, spam and exploits for Web browser vulnerabilities. It can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised Web site.

Multistaged attacks often incorporate an initial Trojan that downloads a back door, which in turn can allow the attacker to set up a phishing Web site. This suggests that exploit code developers, malicious code authors, spammers and phishers may be collaborating for mutual gains. It also indicates that a new type of attacker has emerged who is versed in all types of attacks and is extremely flexible in his methodology and motives.

The multistage methods have led some analysts to question the value of traditional signature-based antivirus software. Yankee Group analyst Andrew Jaquith in December 2006 published a paper, “AntiVirus is Dead: Long Live Anti-Malware,” saying his objective was to “bust everybody’s bubble that (signature-based antivirus) is keeping people safe and the notion it will solve your malware problems.”

Jaquith is not alone in proclaiming that antivirus signatures are no longer effective and that companies should be implementing behavior-based technologies. This reasoning, while not completely wrong, is misguided. It is correct that proactive behavior-based technologies offer the best protection against zero-day attacks and other threats that are identified by their characteristics rather than by signatures, and the number and frequency of those attacks are on the rise. However, signatures remain the most effective tool for the accurate detection and remediation of the thousands of existing known threats that are still prevalent on the Internet.