Signature-based security is no longer effective

Dark Reading - sister site of Light Reading which had been source of much rumor and information when I was in networking market - has recently reported that malware is reaching epidemic level. It sites reports from two security firms, PandaLabs (research arm of anti-virus company, Panda Security) and AV-Test (an independent anti-virus software testing organization). Key statistics are the followings.

• Number of malware has increased 5 to 10 times in 2007
  
• Average of 3000 new variation of malware each day in 2007
  
• Approximately 72% of networks with more than 100 workstations and 23% of home users are currently infected with malware even with operative antivirus or other signature-based tools in place
• Approximately 5.5 million different malware files identified in 2007 - 5 times as greater than 2006
• 118,000 different malware files in 2 weeks of January in 2008

All these numbers indicate that signature-based approach to computer and network security is no longer effective and cannot scale. While signature-based solutions have worked fairly well so far, they have one fatal weakness; no known signature, no detection and thus no defense. And as the numbers show, the rate at which malware is created is clearly overwhelming signature-based security companies.