It's that time again when we take a look at the innovators in our industry. Over the years, we've tracked new developments and there have been good years and some not so good ones. When we started this feature around four years ago, we were in a creative drought. Things got steadily better, and 2011's selection was pretty good on balance. We initiated a Hall of Fame and things looked as if they might be on the mend. That brings us to this year and we are pleased to report that the industry is holding its own. There are several reasons for this.
First, the bad guys are getting better at being bad. That always stimulates the game of “leapfrog” we seem to be playing. We can't even give you a credible estimate of the number of new strains of malware appearing on a day-to-day basis. The stats are so muddled that it is difficult to tell whether we are talking about actual new malware or just new variants of existing bugs. We suggest, however, that it does not really matter. Bad is bad, and at some point quantity ceases to be as big an issue as the impact.
“Small companies are relatively free to innovate because they are small and need to evolve to survive.”
– Peter Stephenson, technology editor
With that in mind, the Holy Grail of anti-malware – signature-less detection – becomes more and more important. Zero-day has evolved to zero-hour and there needs to be a new way to detect and destroy malware. Some products are taking the approach that detecting and clearing certain types of malware just is not necessary. Rather than doing such a difficult task, these products attempt to do one of several things.
First, don't let the bugs get into the system in the first place. That sounds a lot easier than it is. But there are some pretty clever approaches to that problem appearing on the market. Second, assume that you're infected – whether you see any direct indication or not – and take measures to prevent damage. That means stopping the payload, whether it is destructive to the host or exfiltrates data out of the system. The third approach is to quarantine the entire process that allows the infection – a browsing session, for example.
Another area of innovation is in the test and analysis group. These include the products that assume that one has lost the battle. Their purpose is to allow users to determine what happened and take action to avoid losing the war. Some others are proactive. These solutions let one test the mettle of a system before it gets whacked, and then take appropriate action to clear the faults they find.