New approaches to malware detection coming into view

New startups play the malware defence game differently to the established security players

The traditional signature-based method to detect viruses and other malware is increasingly seen as an insufficient defense given the rapid pace at which attackers are churning out virus and spyware variants. All of which raises the question: What's next?

The three security vendors that dominate the antivirus market today, McAfee, Symantec and Trend Micro, say they have no intention of abandoning signature-based defense, which calls for identifying a specific malware sample to create a matching signature in order to detect and eradicate it. However, the big three vendors acknowledge there's a need to augment this decades-old methodology, and some of the new techniques they're devising will be unveiled as products this year.

"Everyone agrees signature-based defense is not enough," says Brian Foster, Symantec's senior director for product management, who notes the security firm receives 200,000 submissions of potential malware each month. "The number of variants is increasing."

To augment signature-based detection in its next enterprise antivirus release planned for this summer, Symantec will include whitelisting technology for policy-based control of applications down to a software-component level, says Foster. This future-looking malware protection from Symantec will also make use of behavior blocking that promises to be able to stop at least some malware from executing, holding it "in a frozen state on that machine," says Foster. "The core of our strategy is, we will change the game."

Security startups to watch

In the meantime, some brash start-ups say they realized years back the malware-defense game had changed -- and they're now elbowing their way in by playing it differently.

One is SignaCert, launched earlier this year to market enterprise desktop and server software that can be used to create a white list that only allows specified applications and files to work.

"We've definitely reached a point of diminishing returns with traditional signatures," says SignaCert chair and CEO Wyatt Starnes.

With its Enterprise Trust Server product, SignaCert has created encryption-based signatures of binary-software releases obtained directly from vendors, including Sun, Microsoft, IBM and Intel. "Because you know what the good code is, you don't let the bad code run," Starnes says.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about GartnerGartner ResearchGatewayGeniusGoogleIBM AustraliaIntelMcAfee AustraliaMicrosoftSafeWebSecure ComputingSurfcontrolSymantecTrend Micro AustraliaWebsense

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Brand Page

Stories by Ellen Messmer

Latest Videos

More videos

Blog Posts