Small antivirus and anti-spyware companies are being overwhelmed by the amount of malware being produced, according to security researcher Alex Eckelberry.
Eckelberry, president and chief executive of antivirus company Sunbelt Software, said on Thursday that the huge amount of malware in existence makes it difficult for small compnaies to tackle the problem.
"No longer can a company compete with a few folks in the lab and a group of good programmers," wrote Eckelberry in a blog post. "They're out there: little companies with small teams working an anti-spyware or antivirus product, but it's hopeless. A small platoon won't win this war. You need a brigade."
Eckelberry quoted AV-Test.org statistics that he said showed "a good representation of the staggering load of malware that anti-malware folks are under". According to Eckelberry, the number of unique samples of malware, with variants, rose from 564 in 1986 to 5,490,960 in 2007. At the beginning of 2006, the number of unique samples of malware was still under a million, but this number had quintupled by the end of 2007.
While anti-malware processes can be automated, said Eckelberry, it is the non-automated processes that are being overwhelmed. For example, hunting down new malware, tracking IP addresses and the locations of potential malware users, reverse-engineering specialised code, creating signatures for difficult malware, and coding to deal with rootkits, all require some form of human interaction, said Eckelberry.
Mikko Hypponen, chief research officer for antivirus company F-Secure, agreed that the amount of malware is rising rapidly.
"The numbers are going through the roof," said Hypponen on Friday. "We're getting 17,000 samples [of malware] a day, and our database uses 30TB of hard-drive space. The job is getting harder and harder. Small companies will be overwhelmed unless they get really clever."
Hypponen said that small antivirus companies need to invest in automated technology that is capable of identifying individual cases of malware, as well as technologies that identify malware based on its behaviour.
"[Antivirus companies] still need virus-specific detection, combined with generic [behaviour-based] detection," said Hypponen. "F-Secure can handle that because we made a major investment in our backend systems three years ago."