The future of anti-virus protection
Signature based scanning can't cope any more
By Ellen Messmer | Published 10:00, 15 December 08
Kaspersky will also be adding to all its desktop products the whitelisting and blacklisting approach it tried in its consumer products last summer through a partnership with Bit9. These technologies seem more adapted to the desktop right now, so Kaspersky hasn't pinpointed a strategy for this use in servers yet.
Trend Micro's vice president of core technology solutions, John Maddison, agrees the malware epidemic is challenging traditional signature-based detection where signature files are downloaded and stored on the computer itself.
"By 2015, we predict upwards of 25,000 new signatures per hour just to keep up," says Maddison.
Trend Micro's approach, outlined by CEO Eva Chen in early 2008, is to put the signature patterns "in the cloud," with Trend Micro's SmartProtection detection.
This approach, now in beta with 30 customers and expected to be rolled out in the second quarter of 2009, involves computers protected with Trend Micro's agent-based software that can query the cloud to detect and eradicate known malware.
For the enterprise, Trend Micro will simply "put a replication of the cloud on a server" and "the cloud will come to them," Maddison says. "The cloud has to become real-time with sophisticated updating methods to be updated almost instantly." Web-threat protection is another arrow in the quiver to detect malware, Maddison says.
Dave Marcus, director of security research and communications at McAfee, agrees signature-based detection "is less important than it was five years ago, when you consider the sheer volume of malware out there."
McAfee has already begun a shift to cloud-based malware detection, and sees behavior-based detection as a good augmentation as well. But Marcus adds: "Signature-based recognition will always be part of security technologies going forward."
