'White Listing' Repairs Broken Anti-Malware Model


Today's antivirus model is broken, largely because it seeks to block known malware without any way of anticipating the nature of the next attack. This blacklisting approach hit a rough stretch last year as attackers developed faster, automated ways of launching variations of malware that eluded unsuspecting defenses. As a consequence, a newer "white listing" approach has emerged that acts like a nightclub bouncer working from a guest list. If you're not on the list, you're not getting in.

The emergence last year of successive, low-volume attacks that struck targeted networks in waves, each containing slightly varied versions of a particular malware, exacerbates the problem and exposes blacklisting's weaknesses. According to a report on e-mail-borne malware produced last week by e-mail security vendors Proofpoint and Commtouch Software, malware variants each had to be individually identified and blocked, allowing malware writers to stay ahead of signature-based antivirus programs.

"No heuristic can block all of the variants, and by the time a signature is released, that particular outbreak has ended and several new variants have been released," the report says. "In 2006, the massive-variant viruses turned every hour of an attack into a zero-hour."

'White Listing' Repairs Broken Anti-Malware Model - News by InformationWeek

Linked by shanmuga Tuesday, 16th January 2007 11:57PM