RSA 2013: Anti-virus software companies unveil new tools and features

By Graeme Burton
26 Feb 2013 View Comments
trend-titanium-2013-interface

Anti-virus software vendors have unveiled a number of upgrades to their systems, including new heuristic detection based on their signature databases, and new protections against botnets.

Trend Micro has introduced new tools in its Custom Defense product to identify malware using black lists, and also to analyse suspicious applications in a sandboxed environment to determine the risk presented.

Further reading

More importantly, though, it is also connected to Trend's Smart Security Network, which enables Trend customers to quickly share the results of their own research with other users - although such sharing is not mandatory.

Trend director of product marketing, Kevin Faulkner, described the system as a "cloud-based protection system". He added: "We are using our own abilities to scan the internet, but we can learn from customers and everything we learn from customers we push out to other customers, enterprise or consumer."

But at RSA 2013, Trend revealed a new tool that it is adding to Custom Defense: command and control detection. Command and control attacks form part of what Trend terms "advanced persistent threats".

According to Trend Micro: "These attacks are typically remotely orchestrated via command and control communications between the infiltrated systems and the attackers themselves."

Communication between the compromised system and the command and control centre often involves additional malware downloads, but the network traffic generated by such a compromise is typically low and therefore challenging to detect. But, said Faulkner, Trend has built up a knowledge base of "classic attack patterns" and is adding this intelligence to its products.

At the same time, security software giant McAfee, now part of Intel, has suggested that the anti-virus signature may soon become a thing of the past.

The company's anti-virus signature database has grown to some 113 million core samples, but it is increasingly using heuristics as the first line of defence, rather than a supplementary feature, in its anti-virus software.

"We are getting rid of malware signatures. All of our systems now work on behaviour and reputation," said Pat Calhoun, McAfee's general manager of network security.

He added that the company was increasingly "taking care" of botnets – networks that can run automated mass-attacks using compromised PCs and servers.

As a result of Intel's investment in McAfee, the company has also paid particular attention to the threat posed by rootkits, malware capable of subverting the software that is intended to find them. The company claims that in tests, its software received a 100 per cent rating in detecting rootkits, compared to 83 per cent for Microsoft's Security Essentials and just 67 per cent for Symantec.

The new features, says McAfee chief technology officer Mike Fay, are part of some 38 improvements to its security software, which also include much tighter integration between various modules. However, some of these improvements are based on integration with Intel-based systems, and are not currently available with laptops, PCs and servers running on AMD microprocessors.

Reader comments
blog comments powered by Disqus
Newsletters
Is it time to open Windows?

Computing believes that Microsoft will start offering Windows free of charge by 2017. Is this a good thing for the enterprise?

56 %
15 %
7 %
20 %
2 %