Once a user has patched their computer against a particular vulnerability,the computer is then immune to malware that seeks to exploit thatvulnerability. The problem is that patches cannot be immediately delivered:vendors must analyse a vulnerability and develop and extensively test apatch that remedies it — and then push the patch out to users. This is not aspeedy process. The delay between the discovery of a vulnerability and therelease of a patch can often run to more than 50 days22 — and this createsa risk window during which any user running the vulnerable application canbe exploited.The challenge facing security companies is how to close that risk window— and it is a challenge that is far from easy.Anti-virus and anti-spyware vendors face a similar problem to that outlinedabove — they need to analyse hostile code in order to be able to develop,test and distribute a fix. While they are usually able to do this considerablyfaster than application and operating system vendors can release a patchfor a vulnerability, there is nonetheless some delay and, accordingly, still awindow of risk.The heuristic detection (“behaviour analysis”) capabilities built in to manyanti-virus and anti-spyware programs provides some degree of protectionagainst emerging threats, but it is far from complete. Independent testing23has shown heuristic detection methods to be far less effective than thetraditional signature-based detection methods. Technological advancesmay well result in heuristic detection eventually becoming much moreeffective, but at this point in time it is simply too inaccurate to providereliable protection.To be able to provide complete protection against emerging and rapidlyevolving malware, a product needs to be able to close the risk window byblocking exploits and the sources of exploits as soon as they appear. Andthat is exactly what AVG does.

Tags: hostile code, patches, spyware programs, spyware vendors