A combination of the best features of locally running systems with security services running in the cloud would be an ideal solution to beat malware threats.
F-Secure chief technology officer, Pirkka Palomäki, claimed there are three phases in the threat landscape: the first was the older mass-produced viruses, which could be defended against through signature-based detection; the next phase involved more customised viruses, which used technologies such as rootkits to avoid detection; and the current phase sees not just a greater abundance of malicious software, but increasingly individualised attacks.
The company believes that enhanced proactive technology, combined with real-time protection delivered from the cloud, is the most effective way to deal with this threat.
Palomäki claimed that the system would work by running real-time look-ups on new files and applications, allowing them to be compared against databases of blacklists and whitelists.
Palomäki said: “In the last 12 months we have discovered as many new individual malware cases as seen in the entire history preceding it, highlighting the massive growth of the problem.
“At the current rate of acceleration there will be around 16 million new pieces of malware by 2013, far too many for today's client-based technologies to handle as signature databases would become too large, scanners would run too slowly and the program would not be able to update often enough to offer robust protection.”
He further claimed that, as well as providing a wider breadth of protection and reducing the number of unknowns, this approach can help protect against zero-hour threats, as the platform is protected in real time for all customers.
More aggressive heuristics can also be employed, as the number of potential false positives is greatly reduced. A further benefit would be that when the system is offline it would act as a more traditional security application, though the number of potential attack vectors would be reduced as well.
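The look-up flow described above can be sketched as follows. This is an added illustration, not F-Secure's code: the function names, the thresholds and the sample data are all assumptions made for the example. It shows why a whitelist lets the heuristic threshold drop while online, and how the client falls back to local signatures and a more conservative threshold when the cloud is unreachable.

```python
import hashlib

# Constructed reputation data standing in for the cloud service's databases.
CLOUD_BLACKLIST = {hashlib.sha256(b"constructed-malicious-sample").hexdigest()}
CLOUD_WHITELIST = {hashlib.sha256(b"constructed-known-good-installer").hexdigest()}
# Much smaller signature set shipped to the client for offline use (constructed).
LOCAL_SIGNATURES = set(CLOUD_BLACKLIST)

# Assumed thresholds, chosen only to illustrate the trade-off.
AGGRESSIVE_THRESHOLD = 0.4    # online: whitelist hits never reach the heuristics
CONSERVATIVE_THRESHOLD = 0.8  # offline: no whitelist to absorb false positives


def cloud_lookup(digest, online):
    """Hypothetical cloud query: 'black', 'white', 'unknown', or None if unreachable."""
    if not online:
        return None
    if digest in CLOUD_BLACKLIST:
        return "black"
    if digest in CLOUD_WHITELIST:
        return "white"
    return "unknown"


def classify(content, heuristic_score, online=True):
    """Return (verdict, reason) for a newly seen file.

    heuristic_score is a 0..1 suspicion value from a local engine (caller-supplied).
    """
    digest = hashlib.sha256(content).hexdigest()
    reputation = cloud_lookup(digest, online)
    if reputation == "black":
        return "block", "cloud blacklist"
    if reputation == "white":
        return "allow", "cloud whitelist"
    # Offline: behave like a traditional scanner with local signatures.
    if reputation is None and digest in LOCAL_SIGNATURES:
        return "block", "local signature"
    threshold = CONSERVATIVE_THRESHOLD if reputation is None else AGGRESSIVE_THRESHOLD
    if heuristic_score >= threshold:
        return "block", f"heuristic >= {threshold}"
    return "allow", f"heuristic < {threshold}"
```

A known-good file that scores 0.9 on the heuristics is allowed while online because the whitelist answers first, but the same file is blocked offline, which is the false-positive cost the whitelist removes.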