THE ANTIMALWARE APPLICATION CHAOS
In its 2006 survey of 616 US IT security professionals, the Computer Security Institute found that 65% of companies represented had experienced a virus attack. Given the consistently expanding number of recorded viruses and malicious threats, many vendors have stepped into the security space, offering anti-virus, anti-phishing, anti-spyware, personal firewall and other security technologies that seek to deliver protection against these threats. The number of security solutions and applications is in the thousands; every year vendors release additional solutions designed to provide faster and better protection against evolving threats, increase product usability, and support additional platforms.
The increasing number of security vendors and applications introduces new challenges for security vendors and system integrators tasked with classifying, identifying, managing and checking the currency of anti-malware applications, whether the task is part of an integration project to meet the needs of specific customers or of building a new security solution that needs to interoperate with one or many anti-malware applications. The Classification Challenge includes a verification of anti-malware application binaries, especially when they could be compromised by malicious code. Malware can do that by creating binaries and executables with identical names, by adding similar registry keys or by reporting to the operating system.
The Identity Challenge includes a verification of anti-malware application binaries, especially when they could be compromised by malicious code. Malware can do that by creating binaries and executables with identical names, by adding similar registry keys or by reporting to the operating system.
This challenge is extended by the existence of rogue applications. A rogue application is marketed as an anti-malware application and reports to the operating system as one, although it does not provide proven, reliable anti-malware protection. It may use unfair, deceptive, high-pressure sales tactics to induce gullible, confused users to purchase it.
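The identical-name problem described above, as an added example that is not part of the original paper: a binary is accepted as a given anti-malware product only when its SHA-256 digest matches a pinned value, so a same-named look-alike is flagged instead of trusted. The file name `avscan.exe`, the file contents and the pinned digest are constructed for illustration; digest pinning is an assumed verification method, and real digests would come from the vendor.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def identify(path: Path, pinned: dict[str, set[str]]) -> str:
    """Classify a candidate binary against pinned digests keyed by file name."""
    name = path.name.lower()          # file names on Windows are case-insensitive
    if name not in pinned:
        return "unknown"              # not a product we track
    if not path.is_file():
        return "missing"              # expected binary is absent
    # The name alone proves nothing: only a digest match counts as verified.
    return "verified" if sha256_file(path) in pinned[name] else "name-only-match"

def demo() -> dict[str, str]:
    # Constructed sample data: hypothetical product binary and an impostor.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        genuine = root / "vendor" / "avscan.exe"
        impostor = root / "temp" / "AVSCAN.EXE"
        other = root / "temp" / "notepad.exe"
        for p, data in ((genuine, b"genuine engine build 1"),
                        (impostor, b"look-alike payload"),
                        (other, b"unrelated")):
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        # Assumption: in practice this digest is obtained from the vendor,
        # not computed from a file found on the machine being checked.
        pinned = {"avscan.exe": {sha256_file(genuine)}}
        return {
            "genuine": identify(genuine, pinned),
            "impostor": identify(impostor, pinned),
            "other": identify(other, pinned),
            "absent": identify(root / "gone" / "avscan.exe", pinned),
        }

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:9s} {verdict}")
```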
The Manageability Challenge is the need for a common programmatic way to control common features of anti-malware applications. Although each anti-malware vendor may offer similar functionality such as scan or update, managing that functionality programmatically differs from one solution to the next. Different anti-malware applications have different interfaces. Some anti-malware applications have an API, others may have a well-documented CLI, but the interfaces are not consistent across vendors. For example, one vendor could expose definition update functionality while others may not. Any integration attempt also faces interface quality issues across the vendor spectrum, as interfaces may break.