How to Combat Malware Threats with Behavior-Based Anti-Malware

The number of malware threats on the Internet has increased significantly over the past two years, and new Web 2.0 tools only add to the dangers for PC users. As more kinds of devices connect to the Internet, the anti-malware industry needs to move from signature-based detection to behavior-based detection when combating malware threats. Here, Knowledge Center contributor Somesh Jha explores in detail the shortcomings and advantages of signature-based and behavior-based anti-malware approaches.


Social media networks are growing at an astounding rate. Facebook reportedly has passed 160 million users worldwide, and other social networks are growing quickly too. We are surrounded by fun and useful Web 2.0 technologies that help us collaborate and create our own content. Unfortunately, the same technologies expose us to a growing set of security risks, and there has recently been an unsettling increase in the amount of malware on the Internet.

The very architecture of Web 2.0 tools that allows for greater interactivity also opens up new avenues for attacking computers and networks with malware.

Organizations are now using Web 2.0-based solutions and social media networks in their workplace, and many companies have eight or more of these applications in use on their networks. This trend of people using more Web 2.0 applications at work and at home has increased malware attacks and corporate data leaks, along with the costs of repairing them.

Most collaborative and interactive Web applications require code to run inside a user's browser. Scripts written in Flash and JavaScript are becoming part of the Internet user's everyday life. Web vendors only need to look at the successes of Google Docs, Facebook and YouTube to see the value of embedded programs running inside a browser. As would be expected, this trend continues to accelerate as processes and applications follow documents and other files into the Internet cloud.

The problem in all of this is that the same in-browser code that makes these applications work can be turned against the user: an attacker who controls a script a page loads controls what runs on the visitor's machine, and browser and plug-in flaws turn that into a way into the computer or the network behind it. With so much of the Web now depending on code run in the browser, you cannot simply turn scripts off and still enjoy the utility of the Web. The browser is the new operating system. The escalating functionality of what users can do within their browsers means there is also an increasing number of ways for malware to enter computers and networks. As a house grows into a mansion, it gains more windows to see out of, and thieves gain more ways to break in.

Where once Internet users had to beware of clicking suspicious links in e-mail or downloading unknown programs, malicious programs can now arrive in many more forms, and they do not always require a user's mistaken consent to infect a computer. Malicious code has been found operating in Flash-based advertisements, in rich HTML e-mail and in many forms of JavaScript.

To combat these types of threats, the industry is moving from signature-based anti-malware to behavior-based approaches. Let's explore these in detail.
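The contrast the rest of the article goes on to draw can be seen in a few lines of code. The following is an added illustration, not code from the original article or from any product it discusses: a static signature scanner is defeated by a trivially re-encoded copy of the same dropper, while a rule over the program's observed actions still fires, and a constructed benign installer shows why a behavior rule has to combine several actions rather than alarm on one. The signature pattern, the XOR packing, the action traces and the rule set are all constructed for the example.

```python
"""Signature-based vs. behavior-based detection on constructed samples."""
import re

# Static signatures: a detection name and the byte pattern a scanner
# looks for inside a file. Constructed for this example.
SIGNATURES = {
    "Dropper.A": re.compile(rb"evil_dropper_v1"),
}

# Behavior rules: a detection name and the set of runtime actions that,
# taken together, look like a dropper regardless of the bytes on disk.
BEHAVIOR_RULES = {
    "dropper-like": {"write_executable", "set_autorun", "outbound_connect"},
}


def signature_scan(payload: bytes) -> list[str]:
    """Return the names of every static signature found in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(payload)]


def behavior_scan(trace: list[tuple[str, str]]) -> list[str]:
    """Return the names of every behavior rule whose actions all appear in the trace.

    The trace is a list of (action_kind, target) pairs such as a sandbox or
    an on-host monitor would record while the program runs.
    """
    observed = {kind for kind, _target in trace}
    return [name for name, required in BEHAVIOR_RULES.items() if required <= observed]


def xor_pack(payload: bytes, key: int) -> bytes:
    """Re-encode a payload with a one-byte XOR key.

    Stands in for the repacking a malware author does to dodge signatures; a
    real packer would prepend a decoder stub, which is omitted here.
    """
    return bytes(b ^ key for b in payload)


# Constructed samples. The original dropper carries the signature string;
# the variant is the same program repacked, so the string is gone.
ORIGINAL_DROPPER = b"MZ\x90\x00...evil_dropper_v1...shellcode..."
REPACKED_DROPPER = b"MZ\x90\x00" + xor_pack(ORIGINAL_DROPPER[4:], 0x5A)

# Both copies behave identically once they run (constructed trace).
DROPPER_TRACE = [
    ("write_executable", r"C:\Users\Public\update.exe"),
    ("set_autorun", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update"),
    ("outbound_connect", "203.0.113.10:443"),
]

# A benign installer also writes a binary and registers it to start at
# logon, but never phones home; the combined rule leaves it alone.
INSTALLER_TRACE = [
    ("write_executable", r"C:\Program Files\Vendor\app.exe"),
    ("set_autorun", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\app"),
]


def compare() -> dict[str, dict[str, list[str]]]:
    """Run both detectors over every sample and return what each one flags."""
    return {
        "original": {
            "signature": signature_scan(ORIGINAL_DROPPER),
            "behavior": behavior_scan(DROPPER_TRACE),
        },
        "repacked": {
            "signature": signature_scan(REPACKED_DROPPER),
            "behavior": behavior_scan(DROPPER_TRACE),
        },
        "installer": {
            "signature": signature_scan(b"MZ\x90\x00...vendor_installer..."),
            "behavior": behavior_scan(INSTALLER_TRACE),
        },
    }


if __name__ == "__main__":
    for sample, verdicts in compare().items():
        print(f"{sample:10} signature={verdicts['signature']} behavior={verdicts['behavior']}")
```

The point is in the second row: the repacked copy produces no signature hit, because the byte pattern the signature encodes no longer exists on disk, yet its trace is unchanged and the behavior rule still fires. The third row is the caveat a practitioner should keep in mind when moving to behavior-based detection: individual actions such as writing an executable or adding a Run key are common in legitimate software, so rules have to be built from combinations of actions, and every rule still needs tuning against the real traffic on a given network.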