Steven Ginn OPSWAT
Signature-based anti-malware products are only as strong as the definition files deployed with them. With each piece of new malware, a definition file's strength decays - opening up a security risk. This risk is typically addressed by staying 'up to date' - the notion of having the most recently released signature file possible. Users need to be able to identify when they aren't up to date and be able to get the latest definitions easily. There are several mechanisms in place to assist the user base with these tasks, including data file expiration, compliance 'up to date' checks, automatic updates, and various push and pull mechanisms. Unfortunately, as security vendors get more aggressive in their fight against malware (by releasing more frequent updates), these tools start to strain under the burden of maintaining 'up to date' status. As security vendors, we are facing challenges - one to keep up with the spread of malware, and the other to ensure our users have adequate means to keep up with us.
Using statistics collected about the patterns and trends of definition file updates provided by over 65 anti-virus and anti-spyware vendors since 2005, this paper will outline how the 'up to date' mark has become a moving target and some of the changes implemented to keep pace with that mark.