Signature-based security unable to cope with 'zero-minute' threats.

Signature-based malware detection techniques are becoming less effective in the face of so-called 'malware 2.0' threats, a security firm claimed today.

"The security space is changing rapidly. We are witnessing a major shift in the anti-malware marketplace moving into a new era of malware 2.0," said Kurt Baumgartner, chief threat officer at PC Tools. 

"We are now dealing with zero-minute, rather than just zero-day, exploits that have the potential to further evade signature detections."

PC Tools said that malware variants are now released at "immense rates", driving up sample volumes and making it almost impossible for researchers to keep on top of updates using manual analysis.

These threats are taking advantage of the non-detection sweet spot where they can freely propagate and infect before anti-malware companies can respond.

PC Tools argues that new compilers and other techniques are being used to make threats more difficult, if not impossible, to detect with traditional signature-based systems.

Rather than the broad sweeping attacks seen in the past, attacks are now focusing on smaller groups of PCs making it less likely to attract the attention of security vendors. As a result, malware is spreading in "epic proportions".

"The real challenge for security vendors is in identifying new ways to detect the behaviour of malware. Signature identification alone is ineffective in protecting consumers," said Baumgartner.

Fran Howarth, a partner at analyst firm Hurwitz and Associates, agreed with the research. 

"Signature-based detection is dead, be it for antivirus, intrusion detection or any other security measures," she told vnunet.com adding that security companies are currently just "playing a constant game of catch up".

The spyware industry is worth billions of dollars, and there are significant incentives for malware authors to develop techniques to avoid detection.

The researchers estimate that one in five users with major antivirus products already installed on their computers are still vulnerable to these new and emerging threats.

Copyright © 2009 vnunet.com