Researchers develop next-generation computer antivirus system
Antivirus software has become increasingly ineffective, with detection rates as low as 35 per cent, according to computer scientists. A new approach analyzes suspicious files using multiple antivirus and behavioral detection programs simultaneously.
Researchers at a university have developed a network service using the “cloud-computing” method that detects more malicious software than a single antivirus program, the IDG News Service reported over the weekend.
In “cloud-computing”, the processing of a task is performed on a remote server and the result is delivered back to a PC or a mobile device.
Researchers from the University of Michigan contended that antivirus programs do not detect a substantial percentage of malware. They also said there is a time lag between when a threat appears and when the antivirus program is updated to detect it.
Called CloudAV, the service uses a “muscular” approach that combines 10 antivirus engines with two behavioral detection engines, according to the report. To use CloudAV, a host agent is installed on a PC running the Windows, Linux or FreeBSD operating system. The agent can also be installed on a mobile device.
The report added that the research paper, authored by Jon Oberheide, Evan Cooke and Farnam Jahanian of the Electrical Engineering and Computer Science Department at the university, said: “Antivirus engines have complementary detection capabilities, and a combination of many different engines can improve the overall identification of malicious and unwanted software. This model enables identification of malicious and unwanted software by multiple, heterogeneous detection engines in parallel, a technique we term N-version protection.”
The report also said that during six months of testing, CloudAV detected 98 percent of some 7,220 malware samples the researchers ran against it. “A single detection engine only gets 83 percent,” the researchers wrote.
The antivirus engines used by CloudAV are Avast, AVG, BitDefender, ClamAV, F-Prot, F-Secure, Kaspersky, McAfee, Symantec, and Trend Micro—plus two behavioral detection engines, Norman Solutions’ Sandbox and Sunbelt Software’s CWSandbox, the report also said.
The researchers caution that network services such as CloudAV won’t replace antivirus or intrusion-detection software, but could be used in combination to create a better defense against malware.
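The N-version protection idea quoted above, as an added sketch that is not code from CloudAV or the researchers' paper: several engines scan the same file in parallel and their verdicts are combined, with an engine failure recorded rather than blocking the result. The engine names, markers and samples are constructed for illustration, and the flag-if-any-engine-detects threshold is an assumption, not a policy stated in the report.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed stand-ins for detection engines; not the products named in the article.
def make_signature_engine(patterns):
    def scan(data):
        for label, marker in patterns.items():
            if marker in data:
                return label
        return None
    return scan

def broken_engine(data):
    raise RuntimeError("engine crashed")  # simulates an engine that fails mid-scan

ENGINES = {
    "engine_a": make_signature_engine({"Test.Dropper": b"DROP-MARKER"}),
    "engine_b": make_signature_engine({"Test.Macro": b"MACRO-MARKER"}),
    "engine_c": broken_engine,
}

def analyze(data, engines=ENGINES, threshold=1):
    """Scan with every engine in parallel; flag when >= threshold engines detect."""
    with ThreadPoolExecutor(max_workers=len(engines)) as pool:
        futures = {name: pool.submit(fn, data) for name, fn in engines.items()}
    detections, errors = {}, []
    for name, fut in futures.items():
        try:
            label = fut.result()
        except Exception:
            errors.append(name)  # record the failure, keep the other verdicts
            continue
        if label:
            detections[name] = label
    return {"malicious": len(detections) >= threshold,
            "detections": detections, "errors": errors}

def coverage(samples, engines=ENGINES):
    """Detection rate of each engine alone and of the combined verdict."""
    reports = [analyze(s, engines) for s in samples]
    rates = {name: sum(name in r["detections"] for r in reports) / len(samples)
             for name in engines}
    rates["combined"] = sum(r["malicious"] for r in reports) / len(samples)
    return rates

# Constructed samples: harmless byte strings carrying made-up markers.
SAMPLES = [b"xx DROP-MARKER xx", b"yy MACRO-MARKER yy",
           b"DROP-MARKER and MACRO-MARKER", b"zz DROP-MARKER"]

if __name__ == "__main__":
    print(coverage(SAMPLES))
```

Raising `threshold` trades coverage for fewer single-engine false positives, which is the tuning decision a combined service has to make.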



