I have heard a lot of discussion around Signature based security systems and Behavior based systems. There doesn’t seem to be a lot of benefit to either without the other though. One of the nastier trojans, Zeus, is still evading most AV products on the market. I need to look into this more but it seems like companies either lean towards heavy signature and light behavior or light signature and heavy behavior. It shouldn’t be a religious debate. Companies should focus on strong signatures and strong behavior anomalies to determine if a machine is infected. I am very curious to see how Microsoft’s entry in the market will affect it.
Comments Off on Signature vs. Behavior
