In the beginning of the virus era, computer users were introduced to the concept of signature-based anti-virus scanners. It's an idea whose time may well have come and gone. Read More ..
"Since the 1990s people have used signature-based scanners as their primary line of defense," said Roger Thompson, chief emerging threats researcher at ICSA Labs, a research and testing facility for security vendors and their products.
Signature-based scanners have remained popular because of support issues, noted Thompson. A behavioral-based anti-virus scanner tends to generate a support call if it detects an anomaly. In contrast, if a signature-based scanner detects malware, the malware is blocked and it doesn't usually lead to a support call.
"Signatures made sense when there were only thousands of viruses," Thompson said. "These dys there are 300,000 new malware samples every day."
While he noted that it's not possible for signature-based scanning to keep up with the volume of new malware, that's not necessarily the issue. In his view, most new malware samples that are detected on any given day are not likely to be active in the wild.
"Testing people's signature scanners is a dumb idea unless you know which of the 300,000 samples are the important samples," Thompson said.