In Depth

The Future of Antivirus

As signatures proliferate, antivirus vendors must ramp up other techniques for spotting and squashing malware

By Michael Fitzgerald

Page 2

Meanwhile, Bit9, the application whitelisting company highlighted in Bloor's report, uses antivirus software to help build its database: 22 kinds of antivirus software, in fact. In November 2007, it announced a deal to give access to this database to security software maker Kaspersky Labs. Bit9 officials said that the database will help Kaspersky check new signatures to limit false positives.

It's also true that antivirus makers continue to sell billions of dollars worth of software, despite Bloor's proclamation. Bloor, though, says that "the technique of protecting PCs using virus signatures is now on the wane," and rattles off a list of whitelisting companies offering software authentication tools—not just Bit9, but also companies such as Lumension (formerly SecureWave), Savant Protection, Computer Associates and AppSense. And he noted the Kaspersky deal and Apple's use of whitelisting to protect the iPhone.

Not Just Whitelisting

Antivirus software has its uses. If a system is actually infected by malware, it "may be the least painful way of removing it," says David Harley, administrator of Avien, the antivirus information exchange network, adding, "Whitelisting does seem to be advocated currently as the panacea du jour. I think this relentless search for The Answer, discarding one partially successful solution set for something else in the hope that it will eliminate the problem, is actually unprofessional."

Harley makes that argument because he doubts that any single technology approach will be a 100 percent solution when it comes to security. He wrote that whitelisting thus is likely a supplemental technology for fighting malware, making it one of a host of newer technologies that have been adopted, including heuristics, sandboxing and behavior monitoring.

Corporate CISOs certainly don't expect to find one answer to their problems. "If you rely on signatures for security, you're pretty much dead in the water," says Ken Pfeil, head of information security for the Americas Region of WestLB, a German bank. Pfeil thinks signatures are useful and his firm uses them. But when new malware appears, he often finds it faster to try to break it down himself to understand its potential effects, rather than to wait for his vendor to give him an update. His firm has also adopted tools that use heuristics techniques and anomaly testing, to add oomph to its antivirus approach.

That kind of layered approach to software fits with where Natalie Lambert, an analyst at Forrester Research, thinks the market is going. She says that signature-based antivirus is "table stakes" for security software, and techniques like heuristic information processing systems, or HIPS, which looks for suspicious actions by software, like an application opening itself from the Temp folder.
