RSS FeedSecurity
The future of anti-virus

The future of anti-virus

Ending the arms race between virus writers and AV companies

By | Published 09:15,

Anti-virus software makes Greg Shipley so mad he has to laugh. "The relationship between signature-based anti-virus companies and the virus writers is almost comical. One releases something and then the other reacts, and they go back and forth. It's a silly little arms race that has no end."

Shipley, CTO at Neohapsis, a security consultancy in Chicago, says the worst part is that the arms race isn't helpful either to him or his clients. "I want to get off of signature-based anti-virus as rapidly as possible. I think it's a broken model and I think it's an incredible CPU hog."

Also in this channel
Related Articles

 

Virtualisation, Big Data and BYOD

Check out our Business IT Hub for opinions and briefings. Read more

The question is, where should he go? Anti-virus as an industry has modeled itself on the human immune system, which slaps a label on things like viruses so it knows to attack them when it sees that same label, or signature, again. Signature-based anti-virus has moved well beyond that simple type of signature usage (though at the beginning, it did look for specific lines of code).

In its current, more sophisticated form, it dominates the market for security software, despite some obvious limitations: You don't use it to stop data leakage, for instance, though many kinds of malware are designed to siphon data out of companies. The number of malware signatures tracked by security software company F-Secure doubled in 2007, and while you might cynically expect such a company to say there's more malware out there, 2007's total doubled the number of signatures F-Secure had built up over the previous 20 years.

Even before 2007, there were plenty of people besides Shipley arguing that anti-virus was an industry in trouble. In fact, in 2006, Robin Bloor, an analyst at Hurwitz & Associates, penned a report titled "Anti-virus is dead."

He argued that malware exists only because anti-virus software exists, and said that anti-virus software was doomed to be replaced by new forms of software, which he calls application control, or software authentication tools. Such tools whitelist the software we use and won't run anything else without the user's explicit permission.

Anti-virus firms think their death is greatly exaggerated, thank you very much -- even those that aren't overly reliant on signatures, like BitDefender, which says that signature-based techniques account for only 20 percent of the malware it catches.

"Signatures aren't dead -- you need them," says Bogdan Dumitru, chief technology officer of the Romanian firm, which uses behavioral targeting techniques to stop the remainder of attacks. Its main research focus is to develop an "undo" feature that will let users hit by malware reverse its effects. BitDefender hopes to release this feature in 2008.

1 2 3 continued on page 2 »

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

HP Business Answers

Join the discussion today

The HP Business Answers group is a vibrant community of small and medium sized business owners and employees. HP provides independent and expert advice in fields such as design, branding, taxation, technology, marketing or manufacturing so join today to network with over 6500 like-minded professionals.

Join the HP Business Answers Linkedin Community

Read the most recent discussions

Read more at the HP Business Answers Linkedin Community

ComputerWorldUK Resources

ComputerworldUK
Share
x
Open
* *