Drawbacks of signatures increasingly apparent: anti-virus technology faces a revolution

Source: Internet
Author: User
One view is that anti-virus and security providers are gradually losing the initiative in the battle with cyber criminals. Hackers are increasingly breaking into computers, planting malicious programs, opening those computers to remotely issued attack commands, and turning them into botnets.

The root cause of this situation is that most computers still rely on the virus signature database (also called a virus feature library) supplied by anti-virus software to stop malware. In this traditional approach, the computer uses the patterns in the virus database to determine whether a file contains malicious code. Clearly, this recognizes only known viruses. However, thousands of new viruses are now generated every day, many of which are encrypted in segments, hidden, or varied in other ways. The signature database therefore has to be updated online frequently, but even so, many new viruses still slip through the net.

Faced with this situation, security vendors have begun to turn to behavior-based detection methods to identify new viruses. The new anti-virus software concentrates on monitoring suspicious behaviors, such as whether a program attempts to write data into executable programs.
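The contrast between the two approaches described above, as an added example that is not part of the original article: a byte-pattern signature scan finds a known sample but misses a variant whose matching segment has been re-encoded, while a behavior rule (a program writing into an existing executable) still flags it. The marker bytes, signature name, event format, process names, paths and installer allowlist are all constructed assumptions.

```python
# Added illustration: all samples, signatures and events here are constructed.
from collections import defaultdict

MARKER = b"INERT-DEMO-MARKER-1234"            # harmless stand-in byte pattern
SIGNATURES = {"Demo.Known.A": MARKER}         # toy signature database
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
ALLOWED_WRITERS = {"msiexec.exe"}             # assumed allowlist of installers

# Known sample, and a variant whose marker segment is XOR-encoded (key 0x5A).
KNOWN_SAMPLE = b"MZ\x90\x00" + MARKER + b"\x00tail"
VARIANT_SAMPLE = b"MZ\x90\x00" + bytes(b ^ 0x5A for b in MARKER) + b"\x00tail"

# Constructed file-activity events, as an endpoint monitor might record them.
EVENTS = [
    {"process": "variant.exe", "op": "write",
     "path": r"C:\Program Files\App\app.exe", "existed_before": True},
    {"process": "notepad.exe", "op": "write",
     "path": r"C:\Users\demo\notes.txt", "existed_before": True},
    {"process": "msiexec.exe", "op": "write",
     "path": r"C:\Program Files\App\helper.dll", "existed_before": False},
    {"process": "variant.exe", "op": "read",
     "path": r"C:\Windows\System32\kernel32.dll", "existed_before": True},
]

def signature_scan(data: bytes) -> list:
    """Return the name of every signature whose byte pattern occurs in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def behaviour_scan(events: list) -> dict:
    """Map each process to the existing executables it wrote into."""
    hits = defaultdict(list)
    for ev in events:
        is_exec = ev["path"].lower().endswith(EXEC_EXT)
        trusted = ev["process"].lower() in ALLOWED_WRITERS
        # Rule: a non-installer process modifies an executable already on disk.
        if ev["op"] == "write" and is_exec and not trusted and ev["existed_before"]:
            hits[ev["process"]].append(ev["path"])
    return dict(hits)

if __name__ == "__main__":
    print("signature, known sample  :", signature_scan(KNOWN_SAMPLE))
    print("signature, variant sample:", signature_scan(VARIANT_SAMPLE))
    print("behaviour rule           :", behaviour_scan(EVENTS))
```

The behavior rule needs an allowlist because installers and updaters legitimately write executables; tuning that list is where false positives are traded against missed detections.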

The anti-virus and Internet security vendor AVG recently released its identity protection software, AVG Identity Protection, which focuses on analyzing the behavior and characteristics of virus programs. If a program running on the computer looks suspicious, it is disabled. This technology was originally developed by Sana Security, a top identity theft prevention company. AVG acquired Sana Security in January and strengthened the technology.

"Adding new malicious code to the feature database every day will overwhelm us anti-virus software companies, because every day there are hundreds of thousands to 20 thousand new virus samples. We cannot always follow them," said Roger Thompson, AVG research director. "It's time to take new measures!"

At the same time, another security vendor, Damballa, released its anti-botnet weapon, Failsafe 3.0, to destroy botnet malware that has intruded into computers. This technology detects and removes malware by listening to the communication between the compromised system and the command-and-control nodes on the Internet.

Bill Guerry, vice president of product management and marketing at Damballa, told reporters that even if an enterprise has deployed anti-virus and intrusion detection systems and keeps them updated in real time, 5% of company computers will still be infiltrated by bot software from botnets, a higher proportion than most people think.

Damballa conducted more than six months of research and scanned more than 0.2 million malware samples using the most advanced anti-virus tool. The results showed that the average time from a virus's release until it was captured was 54 days. Almost half of the viruses were not detected when they first attacked a computer, and 15% of the viruses were still not found after 180 days.

In addition, Triumfant, another security vendor, released behavior-based anti-virus software last week to protect against zero-day attacks. Zero-day attacks target security vulnerabilities that have not been promptly patched and protected. Such attacks take a short time and are difficult to prevent.

Triumfant provides a new tool named Resolution Manager that monitors behaviors that change computer properties, such as registry key values, security and port settings, and performance statistics, and removes suspicious code.

Editor's note: In fact, with the unlimited growth of malicious code, security companies are currently using cloud security architecture to achieve fast and efficient response times for virus samples. In the opinion of the 51CTO reporter, cloud security technology can indeed alleviate some urgent problems, but it always requires the support of security tools, including anti-virus software. The ideal situation would be for users to access the Internet directly without any anti-virus tools.

 
