US-based Symantec Corporation's Norton products have blocked more than 30 lakh web-based virus attacks over the last three months; Tokyo-headquartered Trend Micro is scanning almost 50 million URLs and programmes across its userbase on a daily basis; Another US-based internet security provider McAfee is writing more than 10 lakh virus signatures on a monthly basis.
Are these numbers huge enough to affect processing speeds of operating systems on which anti-virus kits are installed?
The global anti-virus tool developers are hence working on malware detection methodologies that reduce actual scanning of installed programmes, copied files or clicked URLs and thus increase computer efficiency. And for this, they are taking help of their registered users, who have built a "good reputation" for using safe programmes.
While both McAfee and Trend Micro are working hard to lessen their dependence on the traditional "virus scanning" method, Symantec has decided to switch over to the "reputation-based" approach within next three to five years.
The 'reputation-based' methodology identifies anti-virus kit users who have found the least number of viruses on their system. Such users are termed as "reputed" users and programmes or files used by these users are considered as "safe". Thus, the anti-virus kit avoids scanning these "safe" programmes or files across its user base and hence reduces the scanning activity considerably to speed up computer operations.
Speaking to Business Standard, Symanetc Corporation vice-president (security technology and response), Stephen Trilling, said, "Competing with the ever-increasing number of malwares and scanning them everytime a system boots, is going to be impossible for anti-virus kit developers. Hence, we are developing a reputation-based malware detection method, which would reduce the scanning operations to a large extent. The method considers programmes used by reputed users as safe and does not scan these programmes on other machines to cut short the scanning process."
The company plans to completely give up the scanning mechanism and adopt the "reputation-based" method over next three-five years, he added.
Trend Micro's India head Amit Nath said his company has developed three crucial data bases containing information of reputed websites, files and emails, which help its tools to cut short the scanning procedure.
"We scan almost 50 million URLs and programmes every day and this number is ever increasing. Hence, we are developing techniques to minimise the scanning process by identifying good files that need not be scanned everytime a machine boots," Nath added.
"Traditional approach that involves writing signatures and scanning all files and programmes won't help henceforth. Hence, we are fast building new methods, which involve reputation-based techniques to reduce the number of files to be scanned," Nath stated.
Similar developments are also happening at McAfee. "We are involving our users to help us reduce the scanning procedures. While we are utilising 30 per cent less resources, our efficiency has gone up by 40 per cent and hence the boot speed as well," said Kartik Shahani, regional director, McAfee.
The firm’s kits now look at vulnerabilities of files or URLs instead of checking them with available virus signatures.
"We have developed a worldwide base of good files and URLs and we avoid scanning these files when found on some other new machines, even if they seem like malwares," added Shahani.
McAfee too is heading towards a state where it would give up the signature-based virus detection approach.
