Topic: Time to go proactive, not reactive!

polonus
Time to go proactive, not reactive!
« on: March 15, 2009, 05:56:27 PM »
Hi malware fighters,

Proactive, not reactive

Blocking viruses and spyware by using signature-based scanning is a reactive measure.
There's no way to keep signatures up to date for the new malware that's churned out every day.
Some crimeware is even designed to generate a new signature for each attack.
Virus scanning still has its place, but you also need something smarter.

Malware has to find a way to install itself before it can initiate harmful action.
Most of these installation behaviors are well known.
Why not watch for this malicious behavior instead of trying to catch every variant of the malware?
If you can block installation, the malware is stymied.

There's another dimension of behavior that can be blocked too.
Malware has to come from somewhere. Some websites silently install malware when you visit.
Others serve up malware disguised as useful software.
Why not block those evil websites?

There are now online services that screen websites for malware and other adverse behavior.
The best of these services are augmented by human networks that report problem websites.
McAfee SiteAdvisor, Finjan, WOT, and Exploit Prevention Labs' LinkScanner are prime examples of services
that block malware at the website level.
Avast's Web Shield and Network Shield can proactively intervene in access to websites with malicious content found on them.
Firefox 3 natively blocks access to websites that are known to attack visiting computers.
Firefox 3 with security extensions like NoScript, RequestPolicy, Perspectives, CSP,
and Firekeeper, with some specific anti-malware rule lists installed, can add proactively
to better in-browser security.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Alan Baxter
Re: Time to go proactive, not reactive!
« Reply #1 on: March 16, 2009, 12:02:54 AM »
"Malware has to find a way to install itself before it can initiate harmful action.
Most of these installation behaviors are well known.
Why not watch for this malicious behavior instead of trying to catch every variant of the malware?
If you can block installation, the malware is stymied."

That's the job of Host Intrusion Protection Software (HIPS), right? From http://antivirus.about.com/od/securitytips/g/hips.htm:
"Definition: Host intrusion protection software, or HIPS, provides rule and behavior-based system monitoring to guard against unwanted changes. HIPS can be used alongside traditional antivirus software to add an extra layer of security. Some host intrusion protection software provides a learning mode and pre-configured rules, but in general HIPS is best suited for more advanced computer users."

WinPatrol Plus is recommended by some of the other forum members, but I haven't decided to spend $29.95 on it yet.