
Signature-based solutions are not necessary to organizations' security infrastructures.

For: Dennis Szerszen, vice president of marketing, SecureWave

In their current role, signature-based solutions are no longer part of an effective security strategy. Spyware and other malware have become so complex that signature-based solutions are simply unable to prevent attacks. It is nearly impossible to accurately add every new threat signature to a blacklist-based solution.

While signature-based solutions may be able to block known threats, companies must now deal with the hundreds of new, complex attacks being developed on a daily basis. Security infrastructure needs to evolve accordingly.

As part of this evolution, signature-based solutions will be reduced to clean-up tools, useful for removing known "deadware" that may arrive. However, signature-based solutions are virtually obsolete as a preventative measure against attacks.

To truly prevent viruses and worms from attacking, companies need to realize a simple truth: If something is not allowed to run in a system's memory, it will not cause harm. Based on this concept, the whitelisting approach has emerged as the first line of defense.

Instead of relying on signatures of known threats, whitelist-based solutions allow IT administrators to simply list all executables that are allowed to run, and everything else is denied by default, even unknown threats. A piece of malware may arrive, but it will not execute, deliver its payload or spread to other machines. With a whitelisting solution, companies can future-proof their systems because no matter how complex malware becomes, it simply will not execute.

Against: Shane Coursen, Senior Technical Consultant for Kaspersky Lab.

"Life...finds a way," is a curious but true statement made in the popular film Jurassic Park. Despite our best efforts and precautions, malware – which some claim to be a virtual form of life – continually finds avenues into even our best protected systems.

Signature-based solutions have long been recognized as the gold standard of detecting and stopping all types of malware. Signatures allow for exact identification, and knowing exactly what malware you have gives you the ability to clean it thoroughly. As such, string technology may be the only way to hunt down and repair hidden collateral damage.

And yet, as solid a method as string scanning is, even from the start antivirus research pioneers never rested on their signature-based scanning laurels.

Certain viruses were too dynamic, even for the smartest algorithmic string scanner. The evolution of malware has thus resulted in development of other antivirus software technologies. Heuristic rules proactively detect unknown viruses. Application "safe lists" – this also being a signature-based form of threat detection – exist so that a scan of the application occurs only if a change in it is detected.

Many of these technologies either supplement or directly support the beloved signature-based scanner. Signature-based detection isn't the sole protection approach, but will continue to be a cornerstone of protection as long as there is malware to protect against.
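The two enforcement models argued above, together with the change-triggered "safe list" scan mentioned in the second piece, shown side by side as an added example that comes from neither author nor their products. Whole-file SHA-256 hashes stand in for signatures here, and every sample name, byte string and function name is constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample "executables": byte strings stand in for file contents.
SAMPLES = {
    "approved_app":  b"MZ constructed payroll client v1.0",
    "updated_app":   b"MZ constructed payroll client v1.1",     # legitimate, not yet approved
    "known_malware": b"MZ constructed worm, signature on file",
    "new_variant":   b"MZ constructed worm, repacked variant",  # no signature exists yet
}

BLOCKLIST = {sha256(SAMPLES["known_malware"])}  # signatures of known threats
ALLOWLIST = {sha256(SAMPLES["approved_app"])}   # executables approved to run

def blocklist_decision(data: bytes) -> str:
    """Default allow: anything without a matching signature runs."""
    return "block" if sha256(data) in BLOCKLIST else "run"

def allowlist_decision(data: bytes) -> str:
    """Default deny: anything not explicitly approved is refused."""
    return "run" if sha256(data) in ALLOWLIST else "deny"

def needs_rescan(name: str, data: bytes, safe_list: dict) -> bool:
    """Safe list: scan only when the file is new or its hash has changed."""
    return safe_list.get(name) != sha256(data)

def compare() -> dict:
    """Map each sample to its (blocklist, allowlist) decision."""
    return {name: (blocklist_decision(data), allowlist_decision(data))
            for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, (bl, al) in compare().items():
        print(f"{name:14} blocklist={bl:5} allowlist={al}")
```

The unsigned variant runs under the blocklist and is denied under the allowlist, while the legitimate update is also denied until an administrator approves its new hash, which is the operational cost of default deny.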

Copyright © SC Magazine, US edition
