The end of antivirus?
Infoworld asks whether the end of anti-virus scanners may be upon us.
There are really two separate questions here: first, is there no longer a need for AV software; second, does AV software provide any useful protection? While the answer to the first question is clearly yes, the answer to the second is increasingly no.
The problem with anti-virus scanners is that they try to play a game that is weighted heavily in favor of the attacker. The effort required to write a new virus is orders of magnitude less than the effort required to detect a virus, fingerprint it and distribute the fingerprint data. The anti-virus providers could win the game when the number of viruses was relatively small and the viruses propagated themselves by reading address books. Today the virus writers win by blasting out their trojans by the tens of millions in the space of an hour. The trojans have already made it into users' inboxes by the time the signature is ready.
The way to win is to detect and patch vulnerabilities rather than attacks. Everyone recognizes that if you wait until the worm is launched it is too late to upgrade your database software. Malware removal tools have their uses: if a machine has been compromised, they are the only way to restore it to health. Like the hospital Emergency Room, when they are needed they are needed urgently, but a security strategy that relies on fingerprint detection techniques alone is as bogus as a healthcare strategy where the Emergency Room is the first recourse rather than the last.