The world of malware protection has to change to protect users against today’s threats. Fifteen years ago, when nearly all of today’s available antivirus solutions were architected, typical malware code was authored by a bored coder whose main aim was to damage data and then boast about it. Now malware is designed to attack specific businesses or individual users, stealing data by stealth. It’s a very different battlefield that requires very different malware protection.
But the architecture of today’s antivirus solutions has not changed to meet the challenges of today’s threats, and is still largely dependent on signatures. This kind of malware protection is also a target for the malware designers, who are constantly testing their creations against popular antivirus products, so they know those programs will not be able to detect their malware during those crucial first hours after its release – when most of the damage is done. By the time the antivirus vendors and their signature databases catch up, the attacker has already reached his goal and changed his malware code to make it undetectable again.
Signature-based malware protection provides only limited protection for users, because it doesn’t go into action until after the malware is out in the open, making it ineffective against the newest threats and targeted hacker attacks. According to the CSI/FBI Computer and Crime survey, even though 97% of the enterprises surveyed have malware protection in the form of antivirus software and firewalls, 65% of them suffered a malware attack.
Antivirus vendors have doubled the size of their signature databases in less than a year as they try to keep pace with the increase in zero-day and targeted threats, but they still can’t deliver effective malware protection, because they simply cannot match the speed of creation and distribution. The traditional “one solution fits all” approach to malware protection and hacker attacks is no longer viable.
Organizations and individual users need malware protection that is equally effective against known and unknown malware threats, no matter what form those threats take. Proactive technologies need to be layered on top of antivirus to create effective malware protection by blocking any unauthorized code activation or other tampering with system and application software. While traditional antivirus can protect and treat systems infected with known malware, proactive protection is far more effective when it comes to preventing new malware and vulnerability exploits without needing regular signature updates.
SafenSoft SysWatch provides proactive malware protection by establishing and maintaining the integrity of the system. Based on the cutting-edge VIPO technology, SysWatch does not require signature updates, because the entire approach is based on preventing unauthorized access or change rather than identifying and then neutralizing individual threats. By controlling application activity, SysWatch prevents malicious code from activating on the system, effectively protecting endpoints from both known and unknown or zero-day threats.
SysWatch’s application launch and activity control keeps the system in a known-good state and also effectively avoids the problem of false alarms that dogs traditional whitelisting approaches.