With AV-TEST reporting the identification and registration of over 450,000 new malware exploits every day, the need for strong anti-malware measures has never been clearer. In fact, AV-TEST’s recently released graphic confirms the continuing exponential growth of identifiable malware—though it is unclear if this growth is due to improved detection capabilities, a true increase in the amount of malware, or some combination of the two.
Click image to enlarge
IT security professionals are changing tactics to protect users and organizations alike. For example, Google recently announced changes to their ‘Safe Browsing’ service to protect users against potentially unwanted applications and malware. This change, coupled with the recently intensified phishing and malware warnings built into Chrome, signifies a larger shift in the industry as leaders attempt to raise awareness and change user behavior regarding malware and other threats.
As previously mentioned, Google is attempting to combat this trend by abandoning the cartoonish warnings they previously used in Chrome in favor of a bold red screen highlighting the risks of visiting a given site. These changes are driven by the fact that many users blithely ignore or click through the very malware and phishing warnings designed to protect them, especially if they appear on sites that they have previously visited and believe they can trust. But in this age of man-in-the-browser HTML injection targeting trusted online banking gateways, or malware attacks delivered through the website of software development darling jQuery, no site can be considered above suspicion. Users must stop ignoring malware warnings, but they seem determined to continue this incredibly risky behavior.
the newest @googlechrome malware warnings are now on Canary and Dev channels if you want to check em out pic.twitter.com/9uMyCYrbF4
— Adrienne Porter Felt (@__apf__) July 11, 2014Because reduction of risky user behavior is a more effective tool than even the most sophisticated of remediation measures, raising awareness of injection attacks and malware infections will continue to be a major priority for industry thought leaders, service providers and beleaguered network admins alike.
