snip from:
http://www.computerworld.com/s/arti..._AV_infrastructure?taxonomyId=17&pageNumber=2
"... There are really two industries fighting. The hackers, they are attacking the antivirus industry's infrastructure. How?
First, they created all these variants and all these downloaders. They knew that the whole industry was competing against each other for detection rate. So when they came out with all these variants, it forced all the antivirus companies to add lots of pattern files. Those pattern files got so bloated because of the competition, [that] one it [created] lots of false alarms. So people hated antivirus for so many popups and false alarms. Second, the performance got really bad, so users tended to disable it. Two years ago there was a survey, called "The Most Hated Application," and antivirus -- not ours, but antivirus -- was on the top. So they attacked the whole antivirus industry in this way and therefore if we continue to compete with the detection rate thing, it just plays into their hands.
The second way they attacked antivirus infrastructure is the fake AV. If you look at this, they can fake any other application. Why do they fake AV? They make money and also they ruin antivirus companies' reputations and confidence in the whole antivirus industry.
Can you imagine our support engineers getting phone calls, "Hey your antivirus did not detect these viruses. This other antivirus detected all these viruses for me." And we have to explain to them, "No no no, that antivirus is actually a virus." It's a large burden for the antivirus [industry] to defend ourselves and to defend against that kind of bad reputation.... More at link
------------------------
snip from:
http://www.networkworld.com/news/2008/061808-trend-micro-antimalware.html
Trend Micro is taking a new approach to product development that relies more on cloud-based security than traditional downloading of virus-pattern files.
"The new strategy is called the Smart Protection Network," says Eva Chen, Trend Micro's CEO (pictured).
Existing antimalware defenses from Trend Micro revolve around signature-based pattern matching of viruses, which requires computers to receive updated pattern files, Chen points out. But this technique is growing unwieldy with several million new viruses discovered each year.
Looking ahead, Trend Micro envisions "moving the pattern files into the cloud," Chen says. Instead of downloading a huge pattern file, a Trend Micro "smart agent" on the desktop or server will read a file and calculate a hash code and checksum for it. The
"Signatures are added to the cloud, not the desktop," Chen says. The technique is expected to result in a software product that's about 70% less hefty in terms of code.
-------------------------
http://cloudsecurity.trendmicro.com/cloud-based-protection-networks-improve-threat-protection/
Today’s threat landscape has required security vendors to change their approach to protecting customer data. TrendLabs℠, Trend Micro’s threat research arm, states there are now 3.5 new threats released every second by cybercriminals. Traditional approaches to security just cannot keep up with this. Those traditional processes looked like this:
- Customers would submit a suspicious file to their security vendor for analysis
- The security vendor would analyze and confirm it as malicious
- A signature would be created to identify that file as suspicious
- The signature file would be published to the vendor’s update servers
- The customer would update the signature (usually once per day) on each and every computer within their network
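
Added example (not from the quoted articles or from Trend Micro): a sketch contrasting the once-a-day pattern-file update in the list above with the hash-and-checksum cloud lookup described in the Network World snip. SHA-256, CRC32, the in-memory `CloudStore` and all class names are assumptions; the articles name neither the algorithms nor any API.

```python
import hashlib
import zlib

def fingerprint(data: bytes):
    """Hash and checksum sent in place of the file (SHA-256 and CRC32 are assumed)."""
    return hashlib.sha256(data).hexdigest(), zlib.crc32(data)

class CloudStore:
    """In-memory stand-in for the vendor's signature service (constructed)."""
    def __init__(self):
        self.signatures, self.online = set(), True
    def lookup(self, fp):
        if not self.online:
            raise ConnectionError("cloud unreachable")
        return fp in self.signatures

class PatternFileAgent:
    """Traditional model: verdicts come from a local copy refreshed on a schedule."""
    def __init__(self, cloud):
        self.cloud, self.local = cloud, set()
    def daily_update(self):
        self.local = set(self.cloud.signatures)
    def scan(self, data):
        return "malicious" if fingerprint(data) in self.local else "clean"

class SmartAgent:
    """Cloud model: each scan is a lookup; a cache covers already-seen files offline."""
    def __init__(self, cloud):
        self.cloud, self.cache = cloud, {}
    def scan(self, data):
        fp = fingerprint(data)
        try:
            self.cache[fp] = self.cloud.lookup(fp)
        except ConnectionError:
            if fp not in self.cache:
                return "unknown"  # no verdict available; must not be treated as clean
        return "malicious" if self.cache[fp] else "clean"

def demo():
    cloud = CloudStore()
    old, new = PatternFileAgent(cloud), SmartAgent(cloud)
    sample = b"constructed sample bytes, not real malware"
    old.daily_update()                         # endpoint pulled today's pattern file
    cloud.signatures.add(fingerprint(sample))  # vendor publishes a signature afterwards
    verdicts = [old.scan(sample), new.scan(sample)]
    cloud.online = False                       # endpoint loses connectivity
    return verdicts + [new.scan(sample), new.scan(b"never seen before")]
```

The pattern-file agent misses the sample until its next update, while the cloud agent sees the new signature at once but has no verdict for unseen files when the service is unreachable.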
snip from: