Symantec updates anti-malware technologies

Information security measures based around tried-and-tested techniques are unable to cope with the growing range and volume of threats, a leading software vendor has warned.

According to Symantec, the use of virus "signatures" to identify malware is no longer enough.

Signature-based approaches worked well when most malware consisted of a single, identifiable threat that spread quickly to a large number of users. Such malware typically contained common elements of code, known as signatures, that could be picked up by anti-virus software. This, in turn, allowed quick scanning of files for malicious payloads.

But malware writers have changed the way they develop their attacks, Symantec suggests. Instead of using one piece of malware to attack millions of systems or users, they are now using individual threats. Frequently, these threats are highly customised. As a result, one signature might only detect a single threat, making signature-based scanning inefficient.

Instead, Symantec is moving to a new system to detect malicious code, based on reputation and user profiles. Software that runs on just a few systems is more likely to be deemed suspect than software that runs on millions, according to developers at the company. When it comes to profiling user traffic on the internet, users who have suffered a malware infection in the past are more likely to be infected again in the future.

The new technologies will be part of Symantec's Norton consumer anti-malware products from 2009. Other improvements will include much faster scanning of incoming files and quicker downloads and installations of the software. This, Symantec believes, will improve security for both consumers and business users, as users will be less likely to cancel downloads or turn off security software in order to improve the performance of their PCs.

"One of the things people really complain about in security software, not just ours, is it is slow and heavy," said Janice Chaffin, group president, consumer business unit, at Symantec. "People have a lot of gripes about how it might slow down your system so our goal for our products is to create zero impact on performance. It is not a simple thing to do... we have had to create some new technology in the scanning area that allows us to scan less."