Vendors tussle over spam-busting tactics

Vendors tussle over spam-busting tactics

Not content with trying to scare the pants off enterprise IT managers as well as consumers, acquisitive IT security player Symantec is warning current heuristic and Bayesian signatures used for virus and spam detection are becoming a redundant solution.

Claiming current signatures are little more than "a mathematical best guess to combating spam and the rise in phishing attacks", Symantec Australia senior security analyst Andrew Gordon claims the frontline combating malicious code is shifting to the carrier or ISP level and in Australia ISPs and is making headway.

"As more ISPs come on board to secure mail servers the better, but we will still see the same amount of spam, but it will be coming from bot networks, spam bots or Trojans - traditional applications will be using heuristics or Bayesian signatures to stop them but are nothing more than a mathematical best guess," Gordon said.

Subsequently, Gordon said Symantec is now using "spam rating" technology to power its current 8100 and 8200 Series mail security appliances, adding the rating system operated through dynamic bandwidth allocation based on a combination of addressee history, categorization and intelligence.

Input for the rules running spam rating are derived from Symantec's acquisition of the Brightmail Logistics and Operational Centre (BLOC) honeypot - which analyzes data from two million dummy e-mail accounts.

However, not all IT security experts agree with claims heuristics and signatures have had their day.

While declining to comment on Symantec's latest offering, Computer Associates' virus research manager Jakub Kaminski said current heuristics and Bayesian-orientated filters are not outdated and are remain necessary for combating spam and malware and are part of an overall solution, not a method.

"The current heuristics and signatures are relevant, but it is a constant race - the guys that design spam use the same products as the guys that aim to stop it so they can test the malware against current protection."

Sophos' Asia Pacific head of technology Paul Ducklin agreed with Kaminski, saying that "although it sounds corny, more is more" when it came to defending against malicious code and added "that no technology is off limits".

"If you can use an old-fashioned signature to knock off 50 percent [of malicious code], why wouldn't you? But [to effectively counter] malicious code you need many layers, at the ISP, at the gateway, within corporate policies, on file servers and on the desktop," Ducklin said.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments