Commtouch publicized the new Malware Outbreak Center earlier this week, a resource on our web site to learn about new malware variants, and comparative catch-times for each of the AV engines. All very nice info for Commtouch commercial purposes, to try to convince AV and mail security vendors to add Zero Hour Virus Outbreak Protection as an additional protection layer. But beyond this goal, one wise journalist asked me yesterday, how useful is it for the world at large? My answer is very useful, and here are several:
1) The information itself is as a wake-up call to the industry: traditional AV is not working; there are new malware variants almost every day that are breezing by the signatures and heuristics that companies are paying lots of money to keep up-to-date. You already know my opinion on typical advice to block file attachments with particular extensions. It is basically an admission of failure. If an AV cannot distinguish between a good file and a bad one, it is simply not doing its job.
2) If IT managers are in the market for a new AV, or additional an AV engine, they can use the Malware Outbreak Center to compare historical catch times.
3) IT managers can view the MD5 checksum – an industry standard way of referring to the “ID card” of the virus – and create a rule to block just that checksum. Again, it’s an admission that their AV isn’t doing its job, but wouldn’t you rather be protected? Incidentally, I’ve seen other comparative catch-time charts on the web, but none that freely display the checksum like we do, to make it possible for other AV researchers to check for themselves.
4) The Center can be used as evidence when presenting to decision makers to request additional security budget.
5) For the media, the Malware Outbreak Center can be a constant source of new information, as there is a never-ending supply of new malware, even during the “quiet” periods like right now.