McAfee brings nearly instant malware updates

What if your desktop security application could detect and remove a new threat that was only minutes old? That's the impetus behind McAfee Artemis Technology, announced on Monday.

Artemis, which McAfee plans to market within its 2009 consumer products as "Active Protection," is not focused on hourly updates, or even 15-minute updates, as rival Symantec has. It means instant detection, said Dave Marcus, director of security research and communications for McAfee Avert Labs.

McAfee's use of Artemis is similar to Trend Micro's use of cloud-based computing to analyze and produce new signature files within 15 minutes in that software on the desktop, then pass suspicious files to a larger, remote database. McAfee's Marcus told CNET News that the difference is that McAfee plans to use a desktop communication channel already built into the product, so existing users won't need to download new software.

The file database maintained at McAfee Avert is much larger than what's possible on the desktop. Marcus said it's responsive to minute-by-minute changes in the threat landscape. The new technology opens a doorway to the larger database.

When asked if Artemis is a listening agent, one that reports desktop activity back to McAfee, Marcus dismissed the idea. He said that whenever the McAfee software finds something suspicious and not in its signature database, it'll ping the larger database back at McAfee Avert Labs to get the signature needed. The files sent back and forth are minuscule, he added.

Marcus confirmed that McAfee would continue to send down daily signature files, but, in the heat of the moment, if a new malware sample is received by a McAfee-protected computer, it'll have instant protection from the vast database back at the company headquarters.

[innamaze]

interesting concept.