What is Proactive Detection and Why Do You Need it?

In the antivirus industry one of the terms we use is “heuristics”. This is a fancy word for “how we detect bad programs that we have never seen before”. The ability to detect bad programs before we have ever seen them is proactive detection. We write the detection before the threat exists. How we can do that is a different article!
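The difference between reactive and proactive detection is easiest to see side by side. The following Python script is an added illustration for this post, not ESET's code or any real scanner's logic: it builds three constructed byte blobs (a "known" sample, a never-before-seen variant with the same capabilities, and a benign file), then runs an exact-byte signature and a small feature-based heuristic over each. The features (a few API and SMTP strings plus a high-entropy body standing in for a packed section), the thresholds and the sample contents are all assumptions chosen for the demonstration.

```python
"""Signature vs. heuristic detection on constructed samples (added example)."""
import math
from collections import Counter

PE_HEADER = b"MZ" + b"\x00" * 62 + b"PE\x00\x00"   # constructed, PE-like stub

# Constructed "known" sample: the one the signature was written for.
KNOWN_SAMPLE = (
    PE_HEADER
    + b"URLDownloadToFileA\x00CreateRemoteThread\x00MAIL FROM:<"
    + bytes(range(256)) * 4          # high-entropy region, stands in for a packed section
)

# Constructed "new variant": same indicators, bytes reshuffled, so the exact
# byte signature no longer applies.
VARIANT_SAMPLE = (
    PE_HEADER
    + b"pad\x00CreateRemoteThread\x00MAIL FROM:<\x00URLDownloadToFileA\x00"
    + bytes(range(255, -1, -1)) * 4
)

# Constructed benign file: PE-like header, low entropy, no suspicious strings.
BENIGN_SAMPLE = PE_HEADER + b"Hello, world. " * 80

# A traditional signature: an exact byte run taken from the known sample.
SIGNATURE = b"URLDownloadToFileA\x00CreateRemoteThread\x00MAIL FROM:<" + bytes(range(16))

# Heuristic features and thresholds (assumed for this demo).
SUSPICIOUS_STRINGS = [b"URLDownloadToFile", b"CreateRemoteThread", b"MAIL FROM:"]
ENTROPY_THRESHOLD = 7.0   # bits per byte; packed/encrypted data approaches 8.0
SCORE_THRESHOLD = 3


def signature_match(data: bytes) -> bool:
    """Reactive detection: fires only on bytes identical to the known sample."""
    return SIGNATURE in data


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def heuristic_score(data: bytes) -> int:
    """Proactive detection: score generic behaviour indicators, not exact bytes."""
    if not (data[:2] == b"MZ" and b"PE\x00\x00" in data):
        return 0                      # this demo only scores PE-like inputs
    score = sum(1 for s in SUSPICIOUS_STRINGS if s in data)
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        score += 2                    # packed/encrypted body weighs more than one string
    return score


def classify(data: bytes) -> dict:
    """Return both verdicts so the two approaches can be compared per sample."""
    score = heuristic_score(data)
    return {
        "signature": signature_match(data),
        "heuristic_score": score,
        "heuristic": score >= SCORE_THRESHOLD,
    }


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE),
                       ("benign", BENIGN_SAMPLE)]:
        print(f"{name:8s} {classify(blob)}")
```

Running it shows the point of the post: the signature catches the known sample and misses the variant, while the heuristic flags both and leaves the benign file alone. The cost is the one raised in the comments below the post: a score threshold low enough to catch unseen variants will also fire on some legitimate packed installers, so tuning the features and threshold against a clean corpus is what keeps the false-positive rate acceptable.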

 

At about 2 AM on February 23rd (central European time) we saw a spike forming at ESET’s VirusRadar (http://www.virusradar.com/). The spike was caused by something we had not seen before. We simply labeled it “probably unknown NewHeur_PE virus”, which is geek talk for a program that we’re pretty sure you don’t want to run.

 

At about 3 AM as many as 1 in 25 emails going through our monitoring ISP contained this threat. In this case it was a new run of “Stration” programs. Strations do nasty things like send spam and install bots – little programs that make your PC a toy for the bad guys to abuse, and let them steal any information from your PC they want to.

 

By 4 AM we were down to about 1 in 80 emails containing the threat, but then at about 2 PM we saw an enormous spike. As many as 1 out of every 5 emails passing through our monitoring ISP contained the threat. Millions of these emails with the Stration attachments were spammed out far more quickly than any company could respond to with traditional signatures.

 

In the “good ol’ days” you could wait a few weeks for detection of the newest threat. Not too far back you could wait a day. In today’s environment, by the time you get your signatures, the threat may have passed. Without adequate security mechanisms in place you either got infected or you were lucky. Proactive detection is part of what adequate security mechanisms are.

 

Without the proactive protection our users would have been exposed to the malicious software, possibly resulting in infection and compromise of their computers.

 

Today’s VirusRadar score for the past 24 hours (as of this writing) is:

    ESET       Stration
    705,860    0

 

That’s proactive protection!

Author: ESET Research, ESET

  • Johnny

    Currently, on the virusradar.com there is a threat which shows as critical and is listed as: probably unknown NewHeur_PE virus. It shows that the date it was first captured was 2004-03-17 19:29. If it was captured almost 3 years ago, why has a name not been assigned to it–especially if it has become a critical threat?

    Thanks,

    Johnny

  • http://www.softsphere.com Ilya Rabinovich

    Aha, but how many False Positives have you had with it?

  • Randy Abrams

    With VirusRadar? With proactive detection? I guess it doesn’t matter which the question was, I don’t know the count. We certainly have fewer false positives than some scanners with little or no proactive capabilities. In general users find that they either encounter no false positives, or so few it is not of concern to them.

Copyright © 2014 ESET, All Rights Reserved.