Is Desktop "Anti-Virus" dead?

Status
Not open for further replies.

s18000rpm

ಠ_ಠ
Traditional desktop antivirus, signature-based protection won’t protect corporate jewels — whitelisting, behavior-blocking technology is the answer.


Some industry analysts are proclaiming the traditional antivirus method for detecting and eradicating viruses, trojans, spyware and other baneful code by matching it against a signature to be “dead.”

They say signature-based checking can’t keep up with the flood of virus variants manufactured by a criminal underworld that is beating the antivirus vendors at their own game. And they are arguing it’s time for companies to adopt newer approaches, such as whitelisting or behavior-blocking, to protect desktops and servers.

... The approach antivirus vendors take is completely wrong. The criminals working to release these viruses against computer users are testing against antivirus software. They know what works and how to create variants."

The fundamental problem “isn’t about viruses, it’s about what should be running on a computer,” Bloor says.

Instead of antivirus software, he says, users should be investing in whitelisting software that prevents viruses from running because it only allows authorized applications to run.

Whitelisting products are available from SecureWave, Bit9, Savant, AppSense and CA, the first traditional antivirus vendor to see the light, in Bloor’s view.

Others are joining Bloor’s way of thinking. Andrew Jaquith, a security analyst at Yankee Group, in December published a research paper entitled “Anti-Virus is Dead: Long Live Anti-Malware.” Yankee Group’s research indicates that there’s an “explosion” in cumulative malware variants, with 220,000 cumulative unique variants expected in 2007, a tenfold increase over 2002 levels.

The antivirus vendors simply can’t keep up, Jaquith says, noting that some antivirus lab managers privately complain this flood of virus variants, which force signature changes every 10 minutes, adds up to the equivalent of a denial-of-service attack against them. ...more


“It builds a whitelist of [Dynamic Link Library] files allowed to run, and if it hasn’t authorized the file, it won’t run,” Rickels says. The only downside he has found in using it for more than a year is that it takes administrative time to adjust the Sanctuary software to recognize the proprietary bank applications or software patch updates from Microsoft.


Source : *edge.networkworld.com/includes/styles/i/nwlogo-06.gif





P.S. Please don't say "use a Mac" or Linux. :D

It's just some info I wanted to share with Windows users like me :cool:
 

anandk

Distinguished Member
Exactly my sentiments!

"...with this, the days of definition based defense may be numbered. yes, signature-based malware scanning is declining in effectiveness! but still, at this point only a few of today's security suites include "BEHAVIOUR-BASED" protection!..."

I had expressed them here: *www.thinkdigit.com/forum/showthread.php?t=35915&highlight=future
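
The contrast the quoted article draws between signature matching and whitelisting, as an added example that is not part of this thread or the article. It assumes signatures and whitelist entries are whole-file SHA-256 hashes (real products use richer matching), and every file content and name in it is constructed.

```python
import hashlib

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

# Constructed stand-ins for file contents; none of these are real binaries.
KNOWN_SAMPLE = b"constructed-sample-A"
NEW_VARIANT = KNOWN_SAMPLE + b"\x00"        # same sample, one byte appended
BANK_APP_V1 = b"constructed-bank-app v1"
BANK_APP_V2 = b"constructed-bank-app v2"    # vendor patch of the same app

class SignatureScanner:
    """Default-allow: block only what matches a known-bad signature."""
    def __init__(self, known_bad):
        self.signatures = {digest(s) for s in known_bad}

    def may_run(self, image: bytes) -> bool:
        return digest(image) not in self.signatures

class Allowlist:
    """Default-deny: run only what an administrator has authorized."""
    def __init__(self, authorized=()):
        self.authorized = {digest(a) for a in authorized}

    def authorize(self, image: bytes) -> None:
        self.authorized.add(digest(image))

    def may_run(self, image: bytes) -> bool:
        return digest(image) in self.authorized

def compare(files: dict) -> dict:
    """Return {name: (signature_verdict, allowlist_verdict)} for each file."""
    scanner = SignatureScanner([KNOWN_SAMPLE])
    allowlist = Allowlist([BANK_APP_V1])
    return {name: (scanner.may_run(img), allowlist.may_run(img))
            for name, img in files.items()}

FILES = {"known sample": KNOWN_SAMPLE, "new variant": NEW_VARIANT,
         "bank app v1": BANK_APP_V1, "bank app v2 (patched)": BANK_APP_V2}

if __name__ == "__main__":
    for name, (sig, allow) in compare(FILES).items():
        print(f"{name:24} signature: {'run' if sig else 'block':6} "
              f"allowlist: {'run' if allow else 'block'}")
```

The unseen variant passes the signature check but not the allowlist, while the patched bank application stays blocked until `authorize()` is called for it, which is the administrative time Rickels mentions.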
 