I think by now everyone using a computer that is somehow connected to the Internet is using an antivirus/Internet security/Spyware/etc. solution. No matter which one you choose they all are based on signatures to recognize malicious code entering your system. Those signatures need to be updated on a regular basis, to keep up with the known malware out there. You wonder why "known"? An antivirus company needs to have a sample of the malicious code to produce a signature. Which means Zero-day malicious code cannot be recognized by the program. Also if you do not update the signatures, the antivirus tool might not catch the latest known malicious code (e.g a virus or a worm) since you are lacking the signature. Let's summarize this and take a closer look:
First of all the malicious code needs to be already known and identified as such before your software can do anything about it. Most vendors incorporate so called heuristic analysis routines into their programs but they are usually so sensitive that most users turn them off (some vendors even have them turned off by default!) or do not react at all. Fact is that the industry has failed to provide a reliable heuristic scan solution so far.
Second those programs do not reliably identify all the viruses they "know". There is not one program out there that has recognized 100% of all the malicious code that is out there in the wild, even having all signatures installed. This is quite disturbing but a reality.
I am sure everyone has complaint about his/her computer being slow or flaky. Ever thought that this might be because of the antivirus program you are running? Reality is that those programs have hooks into all kinds of system calls and are constantly checking memory and files for malicious code. All this costs performance and your time. Unfortunately the signature based checks can only work that way.
Which brings me to the third point, the number of signatures has increased so much that each year the antivirus vendors set a new record in pushing out new signatures.
So what is the point? The point is that all these malicious code programs are dieing a slow death, the death of too many signatures to check in the time available.
Some of the vendors have realized that and are already turning to solutions that utilize the "cloud" (see cloud posting in this blog) and that way recognize infected files that way. But what happens to the people that are offline for an extended time? I guess they might be out of luck.
Here is some further reading:
Antivirus tools compared August 2009
1SSA - Security Consulting, Training and Products
skip to main |
skip to sidebar
Solutions that protect your assets and people in a changing world
The latest news around Information Security from various sources.
Solutions that protect your assets and people in a changing world
Who is reading
Search This Blog
Security News Digest
Posts
Subscribe Email
Digg & Twitter
 |
Disclaimer
Links to third party Web sites on this Site are provided solely as a convenience to you. If you use these links, you will leave this Site. 1SSA has not reviewed all of these third party sites and does not control and is not responsible for any of these sites or their content. Thus, 1SSA does not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third party sites linked to this Site, you do this entirely at your own risk.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.