I've seen articles/comments on the Web indicating that signature based antivirus software is in trouble. According to these sources, malware is becoming "blended," and it is difficult to find all the "pieces" of an infection. If you don't, it will return on a computer. These sources also say that the malware creators are making it harder on signature-based antivirus software by using "short-run" code that is placed in multiple versions and used one at a time so as to prolong an infection. It appears that some of the smaller antivirus companies are having trouble maintaining their signature databases. Some estimates say that the antivirus companies are one or two months behind in their signatures. To improve, some of them are starting to use common signature databases and antivirus engines. Larger antivirus companies are not relying as heavily upon exact signatures and are integrating multiple techniques into their software.

The RSA conference says that new malware tools could make traditional antivirus software ineffective. Kaspersky says that in order to do a better job, antivirus companies need help from governments working in cooperation to stop global malware because many malware writers don't actually deploy their malware--they sell it to others--sometimes in other countries. Recent estimates indicate that the money being made by the use of malware exceeds the revenues of the antivirus industry, so there's big money at stake, and they can afford to buy smart, hungry programmers.

It appears that 2007 will be a tough year for antivirus companies/efforts. They're going to have to work smarter. I think this will be the year when the industry shows whether or not it can stay on top of the new malware.

Let's all support ClamAV and ClamWin. It's going to be a tough year!

Regards,

I too have seen some of the same comments in various journals/trade mags. The malware war ("mal-war") is definitely in an uphill battle phase. The signature based products are in for a tough run for the foreseeable future. Blended attacks need "blended" solutions, eh?

The problem is maintaining a high level of system performance in conjunction with a high level of protection. One of the problems in addressing blended protection is the overall system performance drag and potential interaction issues between various protection options. After all, the reason for using a computer in the first place is efficiency and productivity in order to get more work done faster and thus leverage one's workplace time. If the system spends any significant portion of its time protecting itself then the usefulness of the system as a tool is reduced. A nasty conundrum - at best.

On my home-based machines, I am employing a hardware firewall (Netgear Wireless Router) + Windows SP2 firewall + Clamwin + Cyberhawk + SuperAntiSpyware. The hardware firewall provides the frontline barrier with zero system impact, the Windows firewall provides good solid in-bound protection with minimal system impact, Clamwin provides email scanning with no real-time system impact outside of email, Cyberhawk provides real-time behavioral/HIPS/Zero-Day protection against the nonexistent-signature attacks - with imperceptable system impact, and SAS provides manual scanning/cleaning for a considerable spectrum of non-virus malware. Admittedly, not the absolute most armor plated scheme - but it does leave system(s) much more responsive given that they are not the latest "bezillion Mbps octuple core trillameg RAM" systems (that was fun)

But the point is, delivering productivity and protection on one's existing hardware base in today's "mal-war" environment.