Proactive IT security

Introduction to Norman DNA Matching


Internet threats and cyber crime are increasing at an alarming rate. Individuals, companies, organisations and public services are all exposed to, and threatened by, the growth of malicious and criminal software.

One major reason for the extreme growth in new malware is the increased availability of so-called “Developer Studios” for malware. These enable hackers without advanced programming skills to create new trojan horses, backdoors, key loggers and other malicious software simply by following a few easy steps.

Traditional signature-based protection

Antivirus vendors work in a way similar to crime scene investigators. New malware is collected, and a “fingerprint” (signature) of the malware is created and distributed to users of the antivirus software. Based on these signatures, malware is detected and stopped - hopefully before it harms your PC.

There are, however, some drawbacks with this approach.

  1. It is reactive
    • The new malware has to be observed and analysed before a fingerprint can be made.
    • There is a time delay from when the malware is created and spread until it can be detected by antivirus software.
       
  2. It uses exact signature matching
    As with human fingerprinting, an exact match of the signature is needed to ensure detection of the malware. Partial matching is rarely enough. This means that new, different variants of previously fingerprinted malware tend to avoid detection.

Introducing Norman DNA matching

[Figure: Malicious file]

Norman has created technology and methodology to identify and analyse the individual computer instructions and code constituting the program's building blocks. Based on this forensic analysis, a DNA profile of the program is created.

Norman has built up databases of known malicious program components as well as known legitimate/“innocent” program components
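
The contrast between exact signature matching and matching on program components can be shown with a small added example. It is an illustration written for this page, not Norman's algorithm or code: the ASCII pseudo-instruction samples are constructed, and the 4-byte windows, the 0.6 threshold and all names are assumptions.

```python
import hashlib

# Constructed samples: ASCII pseudo-instructions stand in for real machine code.
PROLOGUE = b"PUSH;MOV;SUB;CALL init;"  # startup code shared by many programs
ORIGINAL = PROLOGUE + b"HOOK kbd;READ key;XOR buf;SEND net;"     # fingerprinted malware
VARIANT = PROLOGUE + b"HOOK kbd;READ key;NOP;XOR buf;SEND net;"  # new, unseen variant
KNOWN_GOOD = PROLOGUE + b"OPEN doc;PRINT doc;EXIT;"              # known legitimate program
NEW_BENIGN = PROLOGUE + b"OPEN doc;DRAW win;EXIT;"               # unseen legitimate program


def signature(data: bytes) -> str:
    """Exact-match signature: one changed byte yields a different value."""
    return hashlib.sha256(data).hexdigest()


def components(data: bytes, n: int = 4) -> set[bytes]:
    """Overlapping n-byte windows, a crude stand-in for program building blocks."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


SIGNATURES = {signature(ORIGINAL)}               # traditional signature database
BENIGN_DB = components(KNOWN_GOOD)               # known legitimate components
MALICIOUS_DB = components(ORIGINAL) - BENIGN_DB  # known malicious components


def classify(sample: bytes, threshold: float = 0.6) -> tuple[str, float]:
    """Return (label, share of non-benign components that are known malicious)."""
    if signature(sample) in SIGNATURES:
        return "exact-signature", 1.0
    # Ignore blocks that also occur in known-good programs (shared startup code).
    blocks = components(sample) - BENIGN_DB
    if not blocks:
        return "known-good-only", 0.0
    score = len(blocks & MALICIOUS_DB) / len(blocks)
    return ("component-match" if score >= threshold else "no-match"), score


if __name__ == "__main__":
    for name, sample in [("original", ORIGINAL), ("variant", VARIANT),
                         ("new benign", NEW_BENIGN)]:
        print(name, classify(sample))
```

The variant differs from the fingerprinted sample by a single inserted instruction, so its hash is not in the signature set, yet most of its non-benign components are still found in the malicious component database.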