
Waiting for behavior-based AV

Written by Richard Stiennon, Contributor

In this facing-up-to-reality post I question the "wisdom" that constantly predicts the coming of behavior-based protection from viruses.

Anti-viral technology is very mature. ICSA Labs has certified products from 15 vendors. And that list does not even include some great companies like Global Hauri or BitDefender. I don't know all of these products, but I do not think any of them are pure behavior-based solutions. They rely on signatures.

The common arguments against signature AV include:

1. Too hard to do research.
2. There is a time lag between release and discovery and another delay before the signatures can be propagated to desktop clients.
3. It is expensive, requiring annual subscriptions.
4. Very hard to manage for the enterprise.

But here are a few reasons why signature solutions are here to stay. Many threats, like Trojan backdoors, actually do not exhibit bad behavior when they are silent. Many legitimate programs look like bad stuff. pcAnywhere, for instance, exhibits the same behavior as Back Orifice.

Most organizations are married to signatures. The reports of *which* virus is hitting their desktops and how many instances were stopped are very valuable. Behavior-based systems don't tell you *what* they stopped.

But rather than argue, do a reality check. Pundits have been saying for over 5 years that behavior-based systems will win out in the AV space. ISS bought vCIS to do this, Microsoft bought Pelican. Cisco owns Okena, McAfee owns Entercept. Do any of these companies have an AV product????? NO!!!

It is a sad reality that in order to be effective with Windows computers on the Internet you need to pay an annual subscription that funds the research to create signatures for new threats.
