About

This page contains a single entry from the blog posted on March 8, 2007 11:29 AM.


Code obfuscation, hackers and malware

Searchsecurity.com today has an interesting article, "Dynamic code obfuscation: New threat requires innovative defenses". The article lays out the changing face of malware and the threat to enterprises.

As the article states, code is often intentionally obfuscated to prevent reverse engineering. Hackers have adopted this in the past as well. Malware detectors responded by using code signatures to detect obfuscated code that has already been recognized. However, as the article points out, the game has gone up a notch with dynamic code obfuscation.

Today, viruses are created that are unique for every computer they infect. This effectively kills traditional signature-based malware detection, since every attack is now unique. It requires anti-virus vendors to adopt heuristic responses instead.

The challenge with adopting heuristic detection is that it's very processor intensive. As the article points out, this likely means placing the technology at the enterprise gateways.
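As an added illustration (not code from the SearchSecurity article or from this blog), the Python sketch below models the trade-off described above: one constructed, harmless payload is encoded with a different key per copy, so a hash signature taken from one copy misses the others, while a simplified heuristic that tries every key finds them all at a much higher processing cost. The payload, the marker, and the single-byte XOR encoding are assumptions chosen to keep the example small.

```python
import hashlib

# Constructed, harmless stand-ins (assumptions for illustration, not real malware).
PAYLOAD = b"EXAMPLE-HARMLESS-TEST-PAYLOAD"
MARKER = b"HARMLESS-TEST"  # byte pattern an analyst extracted from the payload


def make_variant(key: int) -> bytes:
    """Model one per-machine copy: same payload, different single-byte XOR key."""
    return bytes(b ^ key for b in PAYLOAD)


def signature_scan(sample: bytes, known_hashes: set) -> bool:
    """Traditional detection: exact match against hashes of samples already seen."""
    return hashlib.sha256(sample).hexdigest() in known_hashes


def heuristic_scan(sample: bytes) -> tuple:
    """Simplified heuristic: decode with every possible key and search for the
    marker. Returns (detected, decode_passes_used)."""
    for passes, key in enumerate(range(256), start=1):
        if MARKER in bytes(b ^ key for b in sample):
            return True, passes
    return False, 256


def compare(keys):
    """Scan one variant per key; only the first variant is in the signature set."""
    samples = [make_variant(k) for k in keys]
    known = {hashlib.sha256(samples[0]).hexdigest()}
    sig_hits = sum(signature_scan(s, known) for s in samples)
    results = [heuristic_scan(s) for s in samples]
    heur_hits = sum(detected for detected, _ in results)
    decode_passes = sum(passes for _, passes in results)
    return sig_hits, heur_hits, decode_passes


if __name__ == "__main__":
    sig, heur, work = compare([0x11, 0x22, 0x33, 0x44])
    print(f"signature hits: {sig}/4, heuristic hits: {heur}/4, decode passes: {work}")
    print("benign file:", heuristic_scan(b"ordinary benign file contents"))
```

The signature check costs one hash per file, while the heuristic spends up to 256 decode passes per file, including on every clean file it has to rule out.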

My point is that all this technology is pretty new and that in some or many cases, it is insufficient to prevent malware attacks. The advantage is currently with the criminals until we have widespread adoption of new detection techniques. This means that it is likely your outer perimeter will be successfully breached. Have in place layers of additional identity authentication security behind the firewall to mitigate the risk.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com

