The new Artemis technology offers real-time protection directly from the Internet

Sep 11, 2008 10:29 GMT

A press release from McAfee Inc. announces a breakthrough in computer security software through their new technology named Artemis. The technology, already implemented in the McAfee Total Protection Service, offers unprecedented real-time protection by contacting an Internet-based service, thus being free from the shortcomings of a signature update approach.

Many of today's security products contain a so-called “real-time protection” component; however, the protection offered by these components is not exactly in real time. The term actually describes the automatic scanning of all potentially dangerous files as they arrive on the computer, as opposed to on-demand scanning. This automatic real-time scanning still depends on malware signatures/definitions which are downloaded from the Internet.

This type of approach has its flaws because such signature updates are served packed together at a certain time interval, in general once every few hours depending on the product. This means that the security product will not really be aware of all the threats at the same time as the company's researchers and that there is a certain delay until the signatures get to the users. Moreover, the users themselves can modify this interval to suit their preferences to, say, once a day, thus further increasing the delay. This delay is already estimated to be between 24 and 72 hours, during which a threat is identified, analyzed, classified, and its signature is developed.

What McAfee proposes through the new Artemis technology is reducing the protection gap from hours to seconds by using the available information about a threat as it is being analyzed by the researchers. The protection is based on specific malware samples rather than “classes” as defined by signatures, and these samples are Artemis-enabled and made available as soon as the researchers tag them as malicious. “Artemis provides the capability for McAfee protected endpoints to protect against specific malware samples at virtually the same time that McAfee Avert Labs has determined a sample is malicious,” an official document explains.

Charles Kolodgy, research director for IDC's Security Products service, agrees that "the traditional signature-based approach to detecting malware is no longer enough," and points out that "while user behavior has changed and the threat landscape has evolved, malware detection technology generally hasn't kept pace. McAfee's program represents a major shift in how the massive increase in malware should be dealt with. This approach returns the innovation initiative to the defense, one-upping malware writers."

Already enabled in the McAfee Total Protection service, the technology will also be implemented in the McAfee VirusScan Enterprise and McAfee VirusScan Plus products by the end of the month. It has been tested on Windows 2000, Windows XP SP2, Windows 2003 32/64-bit and Windows Vista. At the moment, it only handles malware and not spam, but could be extended to also cover potentially unwanted programs in the future.