
Security Predictions for 2005

Wednesday, January 12, 2005
Author: Richard S. Westmoreland
Permalink: 20050112160312631


Vnunet.com has an article written by Iain Thomson, making some predictions based on the current security trends. Almost all of the predictions are understandable, but I have to disagree with the first one - that signature-based antivirus software will be replaced by heuristics.

The article can be located at:

www.vnunet.com/news/1160190

The article highlights these predictions:

  • Signature-based antivirus software is finished
  • Spam rates will regularly hit 90 per cent of all emails
  • Cyber-terrorists will remain mythical
  • No Longhorn in 2005
  • No security, no connection

Heuristics is not a new concept. It has been tried and tried again. In fact, almost all antivirus engines already include a synergy of virus signatures and moderate heuristic logic. In the past, any aggressive heuristics that tried to track malware variants with no base signature incurred a large number of false positives that prompted users to just shut it off.

No, the answer is not heuristics. It's old news. Even a sophisticated artificial intelligence engine would be no match for the volume of polymorphic and encrypted variants that are released, using exploits the same day they're found.

The solution is in firewall technology, or more specifically, intrusion detection systems. Why waste so much effort on compiling thousands of signatures on viruses that use the same exact exploit? Why rely on a heuristics engine that can block legitimate processes and file access? An antivirus solution with built-in IDS could receive exploit signatures as soon as they're discovered, and effectively stop every virus released (within the realm of that exploit).

This isn't so much a prediction as it is a suggestion. We need to go back to signatures - but of a different kind. The Antivirus IDS would not just block viruses that spread through network vulnerabilities, but block the automatic infection of worms that spread through holes in Internet Explorer or Outlook Express (which really is another form of network vulnerability). If the virus still manages to get onto the machine in some other manner, the Antivirus IDS can still block the attempts to spread out to other machines, effectively stopping an outbreak. It's then up to the traditional signatures to handle post-infection removal.  


