Hi malware fighters,
An uncertain future for signatures? Can the signature model survive the enormous growth of malware?
“At the end of the day the signature databases will grow so exponentially
that searching them will be to demanding of available resources.
So the tradital signature model will be left some day,” according to one AV-vendor.
Others are more cautious.
“It might well be that the signature based model will be history one day,
I won’t see that happen in the foreseeable future.”
At Norman’s they are convinced the signature model will stay for us for a considerable time to come.
"The signature model will be with us forever, because it is a less expensive additional model.
On the other hand the signature model never be a perfect detection tool.
The time has long gone that virus scanners only use ‘known signatures’.
The overall detection model is much more complex, only it is still being called “signatures.”
Kaspersky’s analyst says that signatures no longer exist, where behavior blockers etc. are meant.
“To cleanse a machine will be no longer possible, a {re-}format would be the only realistic option.
Moreover where file infectors are prevalent, this would mean also that disinfection would be further impossible”
Because the way malware is produced, it is very unlikely that signatures will ever cease to exist.
“Other techniques have errors too. It would mean that these also should be actualized many times
per day. Because of the complexity of these systems we’d better stick to the signature model in whatever form.”
polonus