Many technologies really don’t do a good job at detection and are slow. At McAfee we realized this a long time ago and have been making radical changes to the traditional antivirus model. This has led to industry-wide recognition for the quality of our antivirus detection, which will only get better as we continue to innovate.

But what is wrong with traditional AV solutions? There are many issues, but here are a couple of the big ones:

1) The traditional “blacklist” approach doesn’t scale very well to the amount of malware coming out. McAfee addresses this with a wide variety of automation techniques, cloud-based intelligence gathering through McAfee Artemis technology and a couple of different whitelisting technologies, including our Solidcore acquisition.

2) Other vendors tend to be very slow to respond to threats because they are dependent on their customers and peers to see new malware and then have analysts manually look at incoming samples. McAfee, on the other hand, leverages its Artemis and TrustedSource cloud technologies to get information about potential new threats. As a result we can often block threats automatically, based on what we see happening on the Net. In short, we often see malware long before our competitors do.

I believe that, over the next few years, other vendors will catch up to where McAfee is today, by adding whitelisting and cloud intelligence technologies (though they still won’t have the same level of integration or the management capabilities of ePolicy Orchestrator).

In the meantime, we’re already working on more major improvements for 2010 and beyond!

Here are the latest trends detailed in McAfee’s latest research paper, “Inside the Password-Stealing Business: The Who and How of Identity Theft,” and some quick and easy tools to defend yourself against attacks:

1. Watching Your Every Move: In the past, cybercriminals relied on reviewing long logs of each key you’ve typed to find and snag passwords. But now, malware can simply take pictures of your screen as you enter passwords, others can ID and capture your entries, even from concealed logins (those sites where your passwords appear as “_******”). Cybercriminals can hijack legitimate websites and create fake pop-ups to request your information. Other malware will go straight into your computer’s back corridors and browsers to steal your saved passwords.
2. Gamers Beware: Gaming passwords are now the most targeted logins on the Web. The black market for gaming goods and currencies, and the malware to steal them, continues to grow. As these graphs from the McAfee Threats Report: Second Quarter 2009[1] show, the growth of such malware far surpasses that of malware seeking banking logins, making gamers the most targeted group on the Web. Malicious programs steal gaming passwords so cybercriminals can sell off gamers’ virtual goods for real money—everything from custom characters, weapons, items, and virtual money.
3. Leaving Your Door Unlocked: New password-stealing Trojans and worms not only steal your info, they leave your computer vulnerable to other attacks. Once these bad programs have broken into your computer, they can serve as an entry point for many other pieces of malware. This means your passwords and personal information are not only stolen once, but are left vulnerable to other cybercriminal malware such as Sinowal or Zbot.
4. Malware Plays Nice: Malware has many new techniques to avoid being detected by researchers and security software. From knowing when to “play nice” while in sandbox environments (where researchers safely analyze malicious code), to attacking and modifying the very code of security software to keep itself concealed, cybercriminals are getting better at protecting their investments—and keeping your passwords in harm’s way.

How to Protect Yourself

• The best way to protect your computer from all cyberthreats—password stealing or other—is to run the most up-to-date version of security software.
• If you’re worried your system is already infected, check out McAfee’s complimentary malware scanner, McAfee FreeScan.
• Stolen passwords can lead to all sorts of trouble—from fraud to identity theft. If you’ve been victimized, or worry about your vulnerability to attacks, check out McAfee’s free Cybercrime Response Unit for resources about your level of risk, how to stay safe online, and what authorities to contact if you’ve been scammed.

[1] http://www.mcafee.com/us/local_content/reports/6623rpt_avert_threat_0709.pdf