Behavioural analysis remains the best option for tackling adaptive malware.

Tier-3 : 10 January, 2008  (Technical Article)
With viruses and malware migrating from amateurs to money-making professionals, the scope of the problem can only be dealt with using behavioural analysis to prevent zero-day infections, according to Tier-3.
As reports from companies like McAfee and F-Secure reveal soaring numbers of malware variants appearing in their databases, Tier-3, the behavioural analysis IT security firm, says that behavioural analysis software is now the best way of protecting company IT resources against unknown, as well as known, security threats.

'According to some end-of-year reports, McAfee and F-Secure's malware databases, which stretch back to 1986, when the first viruses started to appear, doubled in size during 2007,' said Geoff Sweeney, CTO of Tier-3.

'Accessing these databases within active memory to tackle malware in real time is still feasible, but there will eventually come a day when IT security vendors have to resort to different approaches to ensure their software fully protects the host computer,' he added.

"We have already seen from Didier Stevens, a Belgian IT security expert with more than a quarter of a century's experience in the industry, that malware authors have stumbled on the fact that many of today's 32- and 64-bit IT security software still limit their signature analyses to the first 256 or 512 bytes of a script. If a script is padded out with a lengthy string of zero byte entries, then it follows that a modern script can pass unnoticed and wreak havoc on a Windows-driven computer system," he added.


"Questions need to be asked as to why some AV products and internet browsers are still susceptible to this type of obfuscation technique. Some initial thoughts have centred around the fact that it may be to do with catering for the lowest common denominator in terms of client hardware or an indication of performance issues more generally. The performance-degrading relationship between higher bandwidth speeds and larger signature databases is a well-known problem to the industry," he explained.

Against this backdrop, Sweeney says that behavioural analysis software technology is the logical next step forward, mainly because it protects against unknown - i.e. new - threats, as well as known ones without impacting on memory performance.

'It protects a system against known and unknown threat vectors and, as such, it's a lot more efficient than a database or hash data-driven database, which can often require relatively high memory resources,' he said, adding that the problem of loading larger and larger databases into active memory is a problem that can only get worse for the conventional anti-malware vendors in the future.
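
The zero-byte padding weakness Sweeney describes can be shown from the scanner's side. The following Python sketch is an added example, not code from Tier-3 or any AV product: it compares a signature match limited to the first 512 bytes with a scan of the whole input that also reports long zero-byte runs. The signature, the samples, the 64-byte threshold and the assumption that the consuming program ignores zero bytes are all constructed for illustration.

```python
"""Added illustration: prefix-limited signature matching vs. a zero-padded script."""

SCAN_WINDOW = 512    # prefix size quoted in the article (256 or 512 bytes)
PAD_THRESHOLD = 64   # assumption: NUL runs this long do not occur in text scripts
# Constructed, harmless stand-in for one signature database entry.
SIGNATURES = {"demo-marker": b"EXAMPLE-TEST-SIGNATURE"}


def prefix_scan(data: bytes, window: int = SCAN_WINDOW) -> list:
    """Match signatures only inside the first `window` bytes (the weak design)."""
    head = data[:window]
    return sorted(name for name, sig in SIGNATURES.items() if sig in head)


def longest_nul_run(data: bytes) -> int:
    """Length of the longest run of consecutive zero bytes."""
    best = run = 0
    for b in data:
        run = run + 1 if b == 0 else 0
        best = max(best, run)
    return best


def hardened_scan(data: bytes) -> dict:
    """Scan the whole input and report padding as a finding of its own.

    Zero bytes are stripped before matching on the assumption that the
    program consuming the script ignores them, so the scanner sees the
    same bytes that program would act on.
    """
    normalized = data.replace(b"\x00", b"")
    hits = sorted(name for name, sig in SIGNATURES.items() if sig in normalized)
    return {"hits": hits, "nul_padding": longest_nul_run(data) >= PAD_THRESHOLD}


# Constructed samples: the same marker, plain and behind 4 KiB of zero bytes.
PLAIN = b"<script>/* EXAMPLE-TEST-SIGNATURE */</script>"
PADDED = b"<script>" + b"\x00" * 4096 + b"/* EXAMPLE-TEST-SIGNATURE */</script>"

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("padded", PADDED)):
        print(label, prefix_scan(sample), hardened_scan(sample))
```

The padding flag is useful even when no signature matches, because a long run of zero bytes in a text script is itself anomalous.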