AV still a fundamental tool

By Staff Writer, ITWeb
06 Mar 2014

The vast majority of organisations totally underestimate the number of new malicious threats that are written daily. In fact, Kaspersky Lab’s recent research revealed that around 200,000 new malware samples appear around the globe on a daily basis.

Simon Campbell-Young, CEO of Phoenix Distribution, says that information security has always been a catch-up game. "It is utterly impossible for malware signature detection to keep up with the slew of threats that are flooding the enterprise. However, there is still a strong need for this sort of protection in any organisation, big or small. For each new virus that is discovered that is not detectable by an existing signature, or that might be detectable but cannot be thoroughly removed because its behaviour is not 100% consistent with previously known threats, a new signature must be created."

He says the process of creating malware signatures is not an instant one. "The security researcher would first need to establish whether a file is in fact malicious. Once a file has been identified as such, the researcher would need to create a hash – a number that identifies the file through a string of unique text – or algorithm of the particular file. The signature then needs to be tested, and the signature database updated so it can be applied to the systems."

"Once the new signature has been created and tested by the AV vendor, it is given to the end user in the form of signature updates. These updates add the detection capability for that particular threat to the scan engine in the AV solution. Sometimes, an old signature is replaced with a newer one that offers better detection capabilities."

Campbell-Young says whether the update is offered hourly, daily or weekly is entirely up to the AV vendor. "This is largely dependent on the type of threat itself. For example, adware and spyware scanners, because they are a lot less prolific than viruses, will only offer weekly signature updates, but viruses, given the tens of thousands discovered hourly, are updated at least once a day. Due to the vast numbers of new viruses written, AV vendors simply cannot release an individual signature for each threat uncovered, and tend to release updates on a set schedule. An exception is usually made for particularly virulent or dangerous threats."

There are also times when malware authors write a variant that is so complex that it requires several researchers, sometimes from several organisations, to write a signature. "In addition, they have been known to write variations of malware within the same malware family in an attempt to evade signature detection."

In terms of blocking known threats, signature-based file detection is hugely important, but Campbell-Young says much of its real value lies in the assistance it gives for investigation and forensics. "A step forward in the fight against malware is understanding how it works."

He says this understanding gives antivirus researchers ways to improve their techniques. "Behaviour-based detection is slower than its signature-based counterpart. It also uses more system resources, and has been known to produce a lot more false positives than signature-based detection."

He adds that many companies are looking to signatures in the cloud to enhance protection, as the latest updates can be more quickly accessed. "Unfortunately, too many PCs work in offline or static environments, and cannot check for the latest updates in the cloud. In this way, AV remains a fundamental tool for identifying and removing malware."

Editorial contacts
Mia Andric
(+27) 082 564 0087
mia@exposureunlimited.net

About
Phoenix Distribution is currently the leading Value Added distributor of software, accessories and peripherals across the African continent, covering software publishing, localisation and product distribution across multiple territories in multiple languages.

The business is segmented into two divisions, namely corporate software licensing and retail product distribution, and Phoenix Distribution dominates the consumer and SMB security sectors through key brands which include Norton/Symantec, AVG, Kaspersky and Bitdefender. Additional brands within the consumer-focused range include Microsoft software and peripherals, Beats by Dr Dre, Trendnet Wireless products, Monster Cables and mobile accessories.

The corporate licensing division sells volume licensing into the enterprise and SMB reseller environments, as well as covering architecture and implementation. The ESD (Electronic Software Distribution) division delivers download content into all channels, including B2B and B2C.

The retail division delivers physical product into the retail environment, covering all mainstream ICT, CES, telco, lifestyle, fashion and sports outlets, as well as independents and online stores. This division delivers direct to outlets and or customers across sub-Saharan Africa.

Phoenix Distribution is growing at 70% per annum, with additional acceleration coming from development within the greater African marketplace, as well as the acquisition of significant high-end product lines within the enterprise arena. In addition, the company’s UK business, PX Security, is firmly entrenched within the UK retail and SMB reseller environments, shipping product through trusted distribution partners into mainstream retail outlets and direct engagement with B2B resellers. The UK operation publishes and distributes Bitdefender, Webroot and Avast.

Additional bespoke services offered to partners include Electronic Software Distribution within the B2B and B2C environments, category management, training and end-to-end merchandising.

Phoenix Distribution, including the UK subsidiary PX Security, was recently acquired by First Technology Holdings.

For more information, visit www.phoenixsoftware.co.za, www.pxsecurity.co.uk and www.pxsoftware.co.za.

For purchasing information in Africa, visit www.kasperskyafrica.com, www.kasperskyangola.com, www.kasperskybotswana.com, www.kasperskymozambique.com, www.kasperskynamibia.com, www.kasperskysouthafrica.com, www.kasperskydrcongo.com,
www.kasperskyzimbabwe.com, www.kasperskyzambia.com, www.antivirusangola.com, www.antivirusbotswana.com, www.antivirusmozambique.com, www.antivirusnamibia.com, www.antivirussouthafrica.com, www.antivirusdrcongo.com, www.antiviruszimbabwe.com, and www.antiviruszambia.com 

Copyright @ 1996 - 2026 ITWeb Limited. All rights reserved.