 
Panel Introduction: Life After Antivirus – What Does the Future Hold?
Martin Fréchette
Sr. Principal Engineer
Symantec Research Labs – Advanced Concepts
 
The Evolving Threat Landscape
Attackers have shifted away
 – from mass distribution of a small number of threats
 – to micro distribution of millions of distinct threats
How? Their servers generate a new malware strain every few minutes/hours
 – Each victim potentially gets attacked by a different strain!
 – Called “server-side polymorphism”
How big is the problem?
 – We now know of over 1.8M distinct malware strains
 – We’re collecting 10,000s of new strains per day
Further, our sensor data shows us that we’ve passed an inflection point…
 – The amount of malware released now exceeds the amount of goodware!
 – From Nov 7th to Nov 14th, roughly 54,600 new EXEs were downloaded by (participating) consumer users
 – Of these, roughly 65% of all files were malicious!
[Figure: # of apps over time, good apps vs. malware]
 
Coping with the Malware Flood
The current blacklist model is decreasingly effective at coping with millions of distinct threats
 – Vendors are generating up to 20,000+ new fingerprints per day!
 – Furthermore, many strains of older malware may also go permanently undetected!
Why? Because if only 3 people in the world have a threat, there’s little chance a security vendor has discovered it and written a signature for it
 – A few years ago, a single classic signature could protect 10,000s of users
 – Today a single classic signature typically protects < 20 users
The result is that the industry
 – is flooding its customers with 100s of thousands of signatures every month,
 – yet our efficacy was arguably better a decade ago with 1/100th the signatures!
Conclusion: The classic fingerprinting approach needs to be augmented/replaced.
