Why aren’t definitions a good way to discover or remove badware?

There is no limit to the number of new badware programs that can be created.  They are being created at a faster rate than ever before.  With DSL, and Cable hi speed access threats can circulate the globe in hours versus weeks. 

New badware will have new names and processes requiring anti-spyware or anti-virus products to keep definitions up to date in order to find and remove the threats.  By the time a new definition is released you may already be infected.  In order to minimize this from happening definition based security products must quickly discover new threats and push out new definition updates on a frequent and regular basis.

Now what happens if you miss an update or there is a delay in getting out a new definition?  What happens if the site is offline due to heavy usage?  What happens if badware running on your computer redirects your updates to a fake site or prevents you from getting your updates (DNS poisoning )?  When that happens to you, your computer system is compromised and your security is threatened.  These scenarios are not horror stories they are already happening.

Another large shortcoming with definition based products is their inability to find mutating forms of badware.  The badware actually changes (mutates) its name and process names with every reboot or logon in order to avoid discovery by definition based security products.  How can threats be discovered and definitions pushed out to catch badware that is always changing on your computer every time you logon or restart.  They can’t, definition based system will not work against this type of badware security threat. 

With “Intelligent Threat Detection” Repelit does not need definitions to identify the attacker, Repelit does not need to differentiate between virus and spyware, adware or Trojan to protect you.  Mutating forms of badware can not hide themselves from Repelit.