This disclosure relates to malware detection.
The prevalence and accessibility of computer networks requires security measures to protect valuable information. An enterprise, for example, can implement such security measures by using multiple systems at the network edge of the enterprise, e.g., firewalls, gateway security agents, or software security systems in each computing device.
Internally distributed deployment of security solutions has processing inefficiencies. The same file may be inspected repeatedly by many distributed security systems and malware detection programs, for example once at the gateway and again on each computing device that receives it.
Malware detection software must be updated periodically on users' computing devices and on gateway security systems. As new malware is found, new signatures and/or detection logic must be added. Distributing changes to such software programs is expensive and time consuming. Another issue is that on small or mobile computing devices such as phones, PDAs, and laptops, malware detection programs consume considerable storage space and require considerable processing time.
Yet another problem is the number of devices on which malware detection programs must be updated. Typically, an organization has several thousand computing systems spanning several operating systems and hardware platforms, running malware detection products from different vendors.
One alternative applicable for enterprise users is to run malware detection programs on gateway systems such as integrated firewalls. In this case, the upgrades are applied only to the firewall systems. However, there is no direct way of knowing whether the gateway protection is working. For instance, a new malware will not be detected if it reached the user's computer before a corresponding signature was added to the gateway, and nothing on the user's computer will detect it afterward.
Another alternative is the use of a hosted malware detection service, where files are sent to a remote service for inspection. Although this permits centralized upgrading of the malware detection programs, the data traffic to the hosted service can consume valuable uplink bandwidth and can result in a speed bottleneck for the inspection of files. For this reason, hosted services are not used by end-users. In addition, there is the possibility of accidental information leakage when information is transmitted outside of an enterprise network. Documents that contain sensitive information must not be sent for external inspection.