Signatures newsflash: AV doesn’t detect what it doesn’t detect

Posted by on July 20, 2015.

I came across a nicely understated sideswipe at anti-malware in an article by Darren Pauli for the Register on Symantec’s report of a dramatic decline in spam levels. Referring to increased numbers of malware variants, he says:

Those variants would include minor alterations designed to slip past ineffective antivirus signatures.

I think they’re probably intended to slip past effective signatures. Though it would be nice to think of criminals burning the midnight oil trying to get past security measures that never worked anyway. Or is that his point?

You can certainly say that the effectiveness of signature-based malware detection is compromised once criminals modify malicious code to evade detection, but a signature (if we must use that word) isn’t ineffective till they do. In fact, it’s still in some sense effective if it’s still finding some variants. (If older variants are still out there, which isn’t necessarily the case in today’s threatscape.)
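To make the distinction concrete, here is a small added example (my own illustration, not code from the post or from any AV vendor) that scans a handful of constructed byte strings with two toy signature types: an exact file hash and a byte-pattern match. The "samples" are arbitrary bytes standing in for files, not real malware, and the pattern is an invented marker; real engines use far richer detection logic. The point it shows is the one made above: a hash signature stops matching the moment a single byte changes, whereas a pattern signature keeps finding every variant that still carries the matched region, so it remains partly effective until the code is actually rewritten.

```python
import hashlib
from typing import Dict, Set

# Constructed toy "files" (not real malware). The shared fragment
# MARKER plays the role of the code region a pattern signature keys on.
MARKER = b"\x90\x90CONFIG_BLOCK_v1"

SAMPLES: Dict[str, bytes] = {
    "original":         b"header\x00" + MARKER + b"payload-bytes-A",
    "trivial_variant":  b"header\x01" + MARKER + b"payload-bytes-A",  # one byte differs
    "repacked_variant": b"header\x00" + MARKER + b"payload-bytes-B",  # tail swapped
    "rewritten":        b"header\x00" + b"different-core-routine" + b"payload-bytes-C",
    "benign":           b"hello world, nothing to see here",
}

# Which constructed samples we treat as "bad" for the coverage calculation.
MALICIOUS: Set[str] = {"original", "trivial_variant", "repacked_variant", "rewritten"}

# Signature type 1: exact SHA-256 of the first sample the analyst saw.
HASH_SIGNATURES: Set[str] = {hashlib.sha256(SAMPLES["original"]).hexdigest()}

# Signature type 2: a byte pattern taken from the same sample.
PATTERN_SIGNATURES = [MARKER]


def hash_detect(data: bytes) -> bool:
    """Match only if the whole file hashes to a known value."""
    return hashlib.sha256(data).hexdigest() in HASH_SIGNATURES


def pattern_detect(data: bytes) -> bool:
    """Match if any known byte pattern appears anywhere in the file."""
    return any(pattern in data for pattern in PATTERN_SIGNATURES)


def scan_all(samples: Dict[str, bytes]) -> Dict[str, Dict[str, bool]]:
    """Run both detectors over every sample and report the verdicts."""
    return {
        name: {"hash": hash_detect(data), "pattern": pattern_detect(data)}
        for name, data in samples.items()
    }


def coverage(results: Dict[str, Dict[str, bool]], method: str,
             malicious: Set[str] = MALICIOUS) -> float:
    """Fraction of the malicious samples a given method still catches."""
    caught = sum(1 for name in malicious if results[name][method])
    return caught / len(malicious)


def false_positives(results: Dict[str, Dict[str, bool]], method: str,
                    malicious: Set[str] = MALICIOUS) -> int:
    """Number of non-malicious samples a method wrongly flags."""
    return sum(1 for name, verdict in results.items()
               if name not in malicious and verdict[method])


if __name__ == "__main__":
    verdicts = scan_all(SAMPLES)
    for name, verdict in verdicts.items():
        print(f"{name:17s} hash={verdict['hash']!s:5s} pattern={verdict['pattern']}")
    print("hash coverage:   ", coverage(verdicts, "hash"))
    print("pattern coverage:", coverage(verdicts, "pattern"))
```

Run as-is, the hash signature catches only the one sample it was taken from, while the pattern signature catches the original and both variants but misses the rewritten sample and, correctly, the benign one. That is the "still effective in some sense" case from the paragraph above: the signature is not useless, it simply no longer covers the newest variant.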

Unfortunately, no-one in that line of business is catching all variants of everything, but that’s a slightly different debate. 🙂

