Security Protection – Harry Waldron MVP Rotating Header Image

RSA 2011 – Signature Based Anti-Virus may not be effective

Malware continues to use highly polymorphic attacks, so that each new wave becomes a unique variant within the malware family. AV pattern recognition techniques alone may not detect early waves (usually a 30% coverage ratio of day one),   However, signature based AV may be more useful for cleanup and restoration actions.  Heuristic or behavioral based AV products can help improve protection.  Malware defenses cannot rely on a single defense system, as complementary layers of protection are always required in corporate environment.

RSA 2011 – Signature Based Anti-Virus may not be effective http://blog.trendmicro.com/from-rsa-2011-last-nail-in-the-coffin-for-signature-based-av/

QUOTE: Signature-based antivirus will continue to be a necessary but insufficient element of security measures. However, insofar as using it as the singular strategy to combat malware in the foreseeable future, its heyday is very much over. As Trend Micro CTO Raimund Genes said, signature-based technology is only good for system cleanup and in identifying the specific system modifications made in order to restore the system to its original state. Effective threat prevention today requires a more proactive combination of approaches that take various infection vectors into consideration.

Leave a Reply