
The end of antivirus?

Infoworld asks whether the end of anti-virus scanners may be upon us.


There are really two separate questions here: first, is there no longer a need for AV software; second, does AV software provide any useful protection? While the answer to the first question is clearly yes, the answer to the second is increasingly no.


The problem with anti-virus scanners is that they try to play a game that is weighted heavily in favor of the attacker. The effort required to write a new virus is orders of magnitude less than the effort required to detect a virus, fingerprint it, and distribute the fingerprint data. The anti-virus providers could win the game when the number of viruses was relatively small and the viruses propagated themselves by reading address books. Today the virus writers win by blasting out their trojans by the tens of millions in the space of an hour. The trojans have already made it into users' inboxes by the time the signature is ready.


The way to win is to detect and patch vulnerabilities rather than attacks. Everyone recognizes that if you wait until the worm is launched, it is too late to upgrade your database software. Malware removal tools have their uses: if a machine has been compromised, they are the only way to restore it to health. Like the hospital Emergency Room, when they are needed they are needed urgently, but a security strategy that relies on fingerprint detection techniques alone is as bogus as a healthcare strategy where the Emergency Room is the first recourse rather than the last.

Comments

I attended the IP3 Security seminar Securing the Converged Enterprise this week and Ken Kousky, IP3 CEO, had Panda Software on hand to present on malware threats. It turns out that between April and June 2006, less than 7% of the new malware threats identified included "traditional" viruses, or "file infectors" as Bruno Rodriguez referred to them.

In fact, if you look at the offerings from Panda, they are moving into a broad area of threat detection and prevention. I think traditional AV software is probably dead, but protection software is certainly alive and well, selling on a store shelf near you as we speak.

Disclaimer: Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of VeriSign.
