Signature-free methods like DayZero’s SigFree brand of technologies have distinct advantages

Signatures are representations in digital form of an individual malware’s identity. In a way, they’re similar to a person’s fingerprints. However, unlike fingerprints, malware signatures are easier to change.

Much malware these days is self-mutating. Once it mutates, the old signature is no longer valid and cannot be used to detect it. Most traditional malware detection still uses signature-based recognition as its core methodology. Even when this is accompanied by other approaches that narrow the number of signatures that need to be compared against a segment of code suspected to be malware, it is still an unreliable method in today’s world.

Unfortunately, the signature cannot be defined until the malware has been identified, typically after it has done its damage over a significant period of time. The time at which a piece of malware is detected is its “zero day”. In some instances, this is years after it has embedded itself into many computers.
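The two points above (a signature can only be derived from a sample that has already been identified, and it stops matching once the bytes change) can be seen in a few lines of Python. This is an added example, not DayZero's code or any vendor's scanner; the byte strings are constructed, inert stand-ins for file contents, and the function names are hypothetical.

```python
import hashlib

# Constructed, inert byte strings standing in for file contents (not real malware).
ORIGINAL = b"HEADER" + b"\x10\x20\x30\x40\x50\x60\x70\x80" + b"TRAILER"
# Variant 1: the same bytes with filler appended, so only the whole-file hash changes.
PADDED = ORIGINAL + b"\x00" * 4
# Variant 2: every byte XOR-ed with a constant, so no original byte run survives.
REENCODED = bytes(b ^ 0x5A for b in ORIGINAL)


def build_signatures(sample: bytes, pattern: bytes) -> dict:
    """Derive a whole-file hash and a byte-pattern signature from a known sample."""
    if pattern not in sample:
        raise ValueError("pattern must be taken from the identified sample")
    return {"sha256": hashlib.sha256(sample).hexdigest(), "pattern": pattern}


def scan(data: bytes, sigs: dict) -> dict:
    """Report which of the two signature types matches the data."""
    return {
        "hash_match": hashlib.sha256(data).hexdigest() == sigs["sha256"],
        "pattern_match": sigs["pattern"] in data,
    }


# Signatures exist only after ORIGINAL has been identified and analysed.
SIGS = build_signatures(ORIGINAL, b"\x10\x20\x30\x40\x50\x60\x70\x80")


def report() -> dict:
    """Scan the known sample and both variants with the same signature set."""
    samples = {"original": ORIGINAL, "padded": PADDED, "reencoded": REENCODED}
    return {name: scan(data, SIGS) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:10s} {result}")
```

The padded copy still trips the byte-pattern signature but not the hash, while the re-encoded copy matches neither, so each new variant needs a new signature.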

To help you appreciate the difficulty of finding malware using signatures, take a look at “The Worldwide Malware Signature Counter”. The following chart is from that same article:

[Chart: The Worldwide Malware Signature Counter]