As 2009 came to a close, we at Symantec looked into our crystal ball and made a few predictions of what we expected to see in 2010. Now that were half way through the year, weve taken a look back and evaluated ourselves based on how our forecasts have panned out thus far.
Antivirus is Not Enough With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus, both file signatures and heuristic/behavioral capabilities, are not enough to protect against todays threats. We have reached an inflection point where new malicious programs are created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analyzing malware. Instead, approaches to security that look to ways to include all software files, such as Reputation-Based Security, will become key in 2010.
Status: On track
Reasoning: Unfortunately, the bad guys have proven us correct here. Symantec created 2,895,802 new malicious code signatures last year alone. This was a 71 percent increase over 2008 and a number representing more than half of all malicious code signatures ever created by Symantec. Furthermore, Symantec identified more than 240 million distinct new malicious programs, a 100 percent increase over 2008. We are on track to continue this upward trend in 2010. In just the first half of the year, we have created 1.8 million new malicious code signatures and identified more than 124 million distinct new malicious programs.
This means it is becoming less likely that traditional security technologies will catch every new threat out there; there are simply too many of them, even with automated systems in place. Technology that does not rely on capturing and analyzing a threat in order to protect against it, like Symantecs Reputation-Based Security, is indeed becoming imperative. Other methods that are also playing a key role in combating todays most pervasive threats are heuristic, behavioral and intrusion prevention technologies.
Social Engineering as the Primary Attack Vector More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent. Social engineerings popularity is, at least in part, spurred by the fact that what operating system and Web browser rests on a users computer is largely irrelevant, as it is the actual user being targeted, not necessarily the vulnerabilities on the machine. Social engineering is already one of the primary attack vectors used today, and Symantec estimates that the number of attempted attacks using social engineering techniques is sure to increase in 2010.
Sign up for Computerworld eNewsletters.