In 2007, two million new malicious code samples were detected. This is expected to grow to 15 million in 2008, as cyber-criminals focus on finding new ways to evade protection provided by traditional detection methods.
This is according to Nikolay Grebennikov, Kaspersky Lab VP of research and development, speaking during an international press tour in Moscow yesterday.
Grebennikov says traditional anti-virus programs are no longer 100% effective.
According to Kaspersky, the important question is not which malicious programs the anti-virus solution knows about, but which applications are allowed to execute on the individual computer.
"In the beginning, known bad applications were blocked, and unknown applications allowed. Currently, known bad applications are blocked and unknown applications observed and controlled. Kaspersky has taken this a step further. Bad applications are blocked, good applications are allowed and, if unsure, applications are categorised and restricted."
He says Kaspersky Lab's application control is built around several components: white-listing (maintained lists of trusted programs and applications), a security rating, user community-driven data, behaviour analysis techniques, a vulnerability scanner, an urgent detection system and an access rules engine.
"Security rating evaluation technology is used to estimate risk levels for unknown files and is based on static and dynamic application analysis," says Grebennikov.
He adds that Kaspersky Lab's white-listing database has over 18 million files that can be used for application control, and is updated in real time.
Turning to urgent detection, he says samples arrive from the worldwide Kaspersky user community, and those that are unknown are forwarded to the company's analysts.
"The analysts recognise any potential danger of suspicious files and add them to the Urgent Detection System. Should another Kaspersky user go to the original Web site and attempt to execute the file, the system sends an alert stating the suspicious file is potentially dangerous, and the application control system prevents the file from executing."
He says this is security delivered from the cloud in real time, and more efficient than pushing updates every one or five minutes: a verdict reaches other customers within seconds.
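As an added example (not Kaspersky code, and not from the article), the following Python sketches the decision model described above: hashes on the black-list or flagged by the urgent detection system are blocked, white-listed hashes are allowed, and anything unknown gets a static risk score and runs under a restriction category while its sample is submitted for analysis. A simulated Urgent Detection System then turns one analyst verdict into a block for every other client on its next lookup. The hash lists, risk weights, API strings, sample "binaries" and the URL are all constructed for illustration.

```python
"""Added example: a minimal application-control engine in the shape the
article describes, plus a simulated cloud Urgent Detection System (UDS).
Not Kaspersky code; every list, weight and sample here is constructed."""
from __future__ import annotations

import hashlib
import math
from collections import Counter
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"        # known good: white-list hit
    BLOCK = "block"        # known bad: black-list or UDS hit
    RESTRICT = "restrict"  # unknown: run under a restriction category


@dataclass
class Decision:
    verdict: Verdict
    category: str                      # "trusted", "malicious" or a restriction level
    reasons: list[str] = field(default_factory=list)


# Constructed stand-ins for executables; a real engine hashes the file on disk.
TRUSTED_BIN = b"MZ" + b"vendor-signed updater binary " * 20
KNOWN_BAD = b"MZ" + b"dropper payload " * 20
UNKNOWN_BENIGN = b"MZ" + b"hello world program, prints a greeting. " * 10
UNKNOWN_PACKED = (b"MZ" + bytes(range(256)) * 8           # near-uniform bytes, as in a packed section
                  + b"CreateRemoteThread WriteProcessMemory URLDownloadToFileA")

# Imported APIs that raise the static rating (illustrative weights, not a vendor list).
SUSPICIOUS_APIS = {b"CreateRemoteThread": 1, b"WriteProcessMemory": 1,
                   b"URLDownloadToFileA": 1, b"SetWindowsHookEx": 1}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted content approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def static_risk_score(data: bytes) -> tuple[int, list[str]]:
    """Very small static analysis: entropy plus suspicious import strings."""
    score, reasons = 0, []
    ent = shannon_entropy(data)
    if ent > 7.0:
        score += 2
        reasons.append(f"high entropy {ent:.2f} (packed or encrypted?)")
    for api, weight in SUSPICIOUS_APIS.items():
        if api in data:
            score += weight
            reasons.append(f"references {api.decode()}")
    return score, reasons


def restriction_category(score: int) -> str:
    """Unknown software is never simply trusted; the category bounds what it may touch."""
    if score >= 3:
        return "high"    # e.g. no network, no persistence, no access to other processes
    if score >= 1:
        return "medium"
    return "low"


class UrgentDetectionSystem:
    """Simulated cloud service: clients submit unknown samples, analysts flag
    hashes, and every client sees the flag on its next lookup."""

    def __init__(self) -> None:
        self.pending: dict[str, bytes] = {}   # hash -> sample awaiting an analyst
        self.flagged: set[str] = set()         # hashes confirmed dangerous

    def submit(self, data: bytes) -> None:
        self.pending.setdefault(sha256(data), data)

    def analyst_flag(self, digest: str) -> None:
        self.pending.pop(digest, None)
        self.flagged.add(digest)

    def __contains__(self, digest: str) -> bool:
        return digest in self.flagged


class ApplicationControl:
    def __init__(self, whitelist: set[str], blacklist: set[str], uds: UrgentDetectionSystem) -> None:
        self.whitelist, self.blacklist, self.uds = whitelist, blacklist, uds

    def decide(self, data: bytes) -> Decision:
        digest = sha256(data)
        if digest in self.blacklist:
            return Decision(Verdict.BLOCK, "malicious", ["black-list hit"])
        if digest in self.uds:
            return Decision(Verdict.BLOCK, "malicious", ["urgent detection system hit"])
        if digest in self.whitelist:
            return Decision(Verdict.ALLOW, "trusted", ["white-list hit"])
        self.uds.submit(data)                  # unknown: send the sample for analysis ...
        score, reasons = static_risk_score(data)
        return Decision(Verdict.RESTRICT, restriction_category(score), reasons)  # ... and restrict meanwhile


def build_engine() -> tuple[ApplicationControl, UrgentDetectionSystem]:
    uds = UrgentDetectionSystem()
    engine = ApplicationControl({sha256(TRUSTED_BIN)}, {sha256(KNOWN_BAD)}, uds)
    return engine, uds


if __name__ == "__main__":
    engine, uds = build_engine()
    print("user 1:", engine.decide(UNKNOWN_PACKED))       # restricted ("high"), sample submitted
    uds.analyst_flag(sha256(UNKNOWN_PACKED))              # analyst confirms the sample is dangerous
    print("user 2:", engine.decide(UNKNOWN_PACKED))       # blocked via UDS, no signature update needed
```

The order of checks matters: a black-list or UDS hit wins over a white-list entry, so a compromised "trusted" file still gets blocked once analysts flag it. The static score here stands in for the article's "static and dynamic application analysis"; a real engine would add signature checks and behaviour monitoring to the same decision.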