Trend Micro, McAfee make plans
Trend Micro's director of Internet content security, Paul Moriarity, says the firm is looking beyond signature-based defense, which he says "has utility but some limitation."
He says Trend Micro is investing in technologies to determine malware based on patterns of traffic to desktops or servers. In addition, Trend Micro's researchers are increasingly convinced that Internet users can be saved from stumbling into Web-based malware by just keeping them away from Web sites whose domain names have existed less than five days.
"You should generally be skeptical about domains less than five days old," says Moriarity. Web sites containing malware are often established using what he called "domain kiting," registering a domain for free for five days and then cancelling, and then re-registering as another entity.
Moriarity says he applauds Robot Genius for "taking a different tack to solve the problem," noting that "scanning the Internet for malware is a very good approach." But he voices doubt that the Spyberus client's behavior-based detection would prove viable.
In the industry, "there's a lot of talk about looking at the behavior of malware, but I'd say that's false hubris," Moriarity says.
At McAfee, the focus remains on signature-based detection, augmented by host-based intrusion prevention, which was added to the eighth version of McAfee's antivirus products.
"I understand why some would think signatures are dying," says David Marcus, McAfee's security research manager, adding, "but it goes back to someone not really understanding what a signature is. Some cleaning and repair can't be done without them."
McAfee identifies 125 to 130 unique new forms of malware each day and turns around virus signatures in as little as two to four hours. "It's definitely manageable," says Marcus.