Cyber Security Logic

Problems with Antivirus Software signatures (a quick lesson)

Yesterday was a bad day for the good people at McAfee because one of the antivirus signatures they released removed a valid Windows file. This caused affected machines to fail and get stuck in a reboot loop.

If you are not familiar with how antivirus signatures work, here is a quick lesson. When malicious software is found on the Internet, it is analyzed for an identifiable code structure. This is its signature. That signature is then added to a list of known bad programs that the antivirus software uses as its detection base.

The key phrase there, in today's world, is "when malicious software is found," because malware must be found before it can have a signature. There is a technology called "heuristics," where algorithms and other techniques are used to determine whether code is good or bad and to take action based on that decision. This is the beginning of proactive protection, but if you guess wrong, bad things can happen.

So how do allegedly good programs get on this list? Fair question. Because threats have changed over the years, antivirus software companies not only have to detect and remove viral programs, or fractional code; we are also requiring them to remove spyware and malware, or fully functional code. Our operating systems and applications are fully functional code too. This part of the detection and removal process is where things like this happen.
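The signature matching described above, and the way a legitimate file can end up matching, shown as an added example that is not code from any antivirus vendor. All signature names, byte patterns and file contents are constructed for illustration, and the known-good corpus check and hash allowlist are assumed safeguards, not a description of McAfee's process.

```python
import hashlib

# Constructed signatures: name -> byte pattern. Not real detection data.
SIGNATURES = {
    "Sample.Dropper.A": bytes.fromhex("deadbeef4d5a9000"),  # narrow pattern
    "Sample.Generic.B": b"CreateService",  # too broad: legitimate code has it too
}

# Constructed stand-ins for known-good system files: name -> contents.
KNOWN_GOOD = {
    "svchost_like.exe": b"MZ\x90\x00...CreateServiceW...StartServiceCtrlDispatcher",
    "notepad_like.exe": b"MZ\x90\x00...GetOpenFileNameW",
}


def scan(data, signatures=SIGNATURES):
    """Return the sorted names of signatures whose pattern occurs in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)


def false_positives(signatures, corpus):
    """Pre-release check: map each signature to the known-good files it hits."""
    hits = {}
    for fname in sorted(corpus):
        for sig in scan(corpus[fname], signatures):
            hits.setdefault(sig, []).append(fname)
    return hits


def remediate(data, signatures, allowlist):
    """Pick an action; a file whose SHA-256 is allowlisted is never removed."""
    if not scan(data, signatures):
        return "clean"
    if hashlib.sha256(data).hexdigest() in allowlist:
        return "alert-only"  # signature fired on a protected system file
    return "quarantine"


if __name__ == "__main__":
    print("signatures hitting known-good files:",
          false_positives(SIGNATURES, KNOWN_GOOD))
    allow = {hashlib.sha256(d).hexdigest() for d in KNOWN_GOOD.values()}
    victim = KNOWN_GOOD["svchost_like.exe"]
    print("without allowlist:", remediate(victim, SIGNATURES, set()))
    print("with allowlist:   ", remediate(victim, SIGNATURES, allow))
```

A signature that appears in the output of `false_positives` would be held back before release; the allowlist in `remediate` is a second line of defense on the endpoint if one slips through.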

This type of problem with signatures is yet another Achilles heel for reactive solutions. The threats are changing so fast that antivirus software companies are struggling to keep up. We really need a change in how we protect the average computer. We need to move from a reactive position to a proactive one, which is a huge paradigm shift for this industry. Many smaller antivirus software companies will not survive this imminent move in technology.

It is not an easy job we are asking antivirus manufacturers to do. Mistakes will happen; no antivirus company is immune from this fact. Be supportive and do not react too quickly. Encourage others to be part of the solution and stay safe out there.
