Feeds

McAfee dumps signatures and proclaims an (almost) end to botnets

Claims first truly integrated security package

Beginner's guide to SSL certificates

RSA 2013 Signature-based malware identification has been around since the dawn of the computer security industry, but McAfee has said it's dumping the system – or rather, adapting it – in an upgraded security suite which will (it claims) virtually eliminate susceptibility to botnets.

McAfee's malware signature database has grown to over 113 million core samples in the last year. But rather than using just that data to spot malware, McAfee has now integrated behavioral heuristics into its security code so that it can spot unknown samples based on their operating characteristics. The end result could crush botnets as a threat, said the company's GM of network security, Pat Calhoun.

"We're getting rid of malware signatures, all our systems now work on behavior and reputation," he said. "Customers no longer have to worry about botnets; we will take care of that for them. We can catch things that no one else can in the industry."

Calhoun told The Register that when Intel took over McAfee in 2010, Chipzilla put extra funding into countering the threat from botnets. As a result, it now has the ability to search specifically for command-and-control server code, as well as the malware that brings new computers into the botnet fold.

In all, McAfee says it has made 38 new improvements to its security suite, and integrated its various modules much more tightly with each other. Integration of security products into a single unified suite has been the goal of the large security vendors for years, but this time McAfee thinks it has cracked it.

"You can’t take a set of tools, codify a few marketing relationships, and expect it to work," explained McAfee CTO Mike Fay. "We have 150 such relationships and you need to merge them into a system. We've done this and over the next three years you're going to see more innovation as a result than in the last 10 of McAfee's history."

Mac and PC users on Chipzilla's hardware will get an advantage, of course, since McAfee's Deep Defender relies on Intel's kit for much of its efficacy. Fay said it would look at market demand and some technology rejiggering before it would integrate with AMD chips.

As for rootkits – a particular Intel bugbear – McAfee touted a recent test by AVLabs that it sponsored that highlighted the effectiveness of part of its suite at cutting this attack vector short (although it did not specify testing criteria). The tests give McAfee a 100 per cent rating at killing rootkits, compared to 83 per cent for Microsoft and 67 per cent for Symantec.

McAfee also announced it has bought in sandboxing technology from ValidEdge, which runs malware samples in a virtual machine to test their effects on Windows and other systems without letting it loose on the operating system. The first products using the technology will be out in the second half of this year. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.