Wednesday, September 30, 2009

Signature vs. Behavior

I have heard a lot of discussion around signature-based security systems and behavior-based systems. There doesn’t seem to be a lot of benefit to either without the other, though. One of the nastier trojans, Zeus, is still evading most AV products on the market. I need to look into this more, but it seems like companies lean towards either heavy signature and light behavior or light signature and heavy behavior. It shouldn’t be a religious debate. Companies should focus on strong signatures and strong behavior anomalies to determine if a machine is infected. I am very curious to see how Microsoft’s entry in the market will affect it.

