Anti-Virus Is Dead; Long Live Anti-Malware

Industry researcher Yankee Group named Prevx the leader in Anti-Malware Herd Intelligence for its approach to behavior-based security. In the report published this month, “Anti-Virus is Dead; Long Live Anti-Malware,” Yankee Group analysts examined the current state of signature-based and behavior-based security performance and concluded that anti-virus and anti-spyware vendors are aware they’re not providing enough protection.

“Prevx is the leading anti-malware vendor providing herd intelligence features,” said Andrew Jaquith, security research program manager, Yankee Group, in the report. “Tens of thousands of Prevx nodes are collecting nearly 100,000 unique malware variants monthly—an order of magnitude more than McAfee collects.”

Prevx Finds Rootkit 10 Days before McAfee 13 Days before Symantec

During a particularly harsh rootkit outbreak earlier in the year, Yankee Group had a front row seat to the capabilities of behavior-based detection products. When a rootkit named Hearse began infecting machines at an alarming rate, Prevx noticed it first, followed five days later by Sana whose behavior-based product also features in the Yankee report. It wasn’t until 10 days after Hearse first appeared that McAfee released a signature, followed three days later by Symantec.

Saving the Sheep from Slaughter

The Yankee Group coined “Herd Intelligence” as a term that encompasses software which leverages the collective data-gathering capabilities of multiple computers to form intelligence against malware. Each computer sends back information about programs (good, bad or otherwise unknown) to a central server for automated analysis, along with data about their runtime behavior.

As other computers attempt to run one of these programs, they instantly benefit from the analysis and are informed if the program in question has been previously identified by the herd as good or bad. The user can then grant or block access accordingly. The report explains that herd intelligence increases as the herd grows because more computers yield a broader net for catching malware. In this way, herd intelligence creates herd immunity.

“The Yankee Group is the first analyst firm to rightly identify what we’ve been saying for months: the anti-virus and anti-spyware vendors are taking longer and longer to identify and then provide signatures for the new virus and malware outbreaks,” said Prevx CEO, Mel Morris. “Because of our ability to recognize threats to our community early on, Prevx is able to provide protection days and sometimes weeks ahead of the incumbent vendors. It’s fantastic that this advantage is recognized.”