demise of anti-virus programs?

hello all,

has anyone read the hurwitz white paper entitled, "Anti-Virus Is Dead" ?

this neophyte claims gross ignorance of things technical, but the topic of this paper seems to be a good idea to help with the new "small visitors" that can inhabit our computers.

https://secureitalliance.org/blogs/files/227/1942/AV is dead - use graylisting.pdf

 

IMHO, the funeral dirge should not be played for antivirus software just yet. It's "blacklisting" database may be becoming obsolete, but there is still a place for it. I've made this point before, but this is a good spot to make it again, all HIPS and behavior blocker fans need to understand that, with few exceptions, these applications are still too complicated for your AVERAGE user. And, until there are enough (not just one or two) of these applications that can perform their functions with the least amount of user interaction, they are not (again, IMHO) going to take the place of the tried and true AV.

 

Any such suggestion might be worthy of concern or attention except that today AV's are exercising a radical alteration of their AntiVirus products & pattern to not just exclusively depending on blacklists alone and are implimenting ProActive (HIPS-Like) defenses in combination with their programs.

IMHO, this spells the eventual demise of some mal-makers efforts to manufacture & code malwares & viruses on the same levels they used to enjoy a few scant years ago, and in spite of the occasional new and sometimes unexpected introductions or updates, they actually seem to be dropping off in comparison.

If anyone has access by link to a reliable scale from which to draw some useful comparison foreclusions of this evidence to their (AV's) latest new approaches, heuristics notwithstanding, that would be of much more interest i think.

 

Yes, and many other white papers by Hurwitz & Associates. They are informative and present an interesting perspective on the psychology of thinking in one part of the security industry.

Two things to keep in mind:

First, they focus on businesses. From their website:

http://hurwitz.com/

Second, they advocate Application Control/Software Authentication technology, the topic of theWhite Paper cited:

The product used for illustration is Bit9 Parity.

For their marketing purposes, it is necessary to insist that Anti-Virus products have no place in this environment:

If that isn't clear enough, then:

The obligatory statistics are found to back up the assertion:

Ironically, with Bit9 Parity, the AV Black List technology is retained:

Note also that there are different modes that can be specified by the System Administrator:

And so we've come full circle to the situation requiring a user decision. If a laptop becomes infected while on the road because the user installs software that is malware, when again connected to the network, the potential problems are obvious.

The only secure organizations are those which maintain complete lockdown of all company computers, such as the Los Angeles Police Department:

This takes care of users, but at some point the System Administrator has to insure that new software added to the Department's list of authorized software is clean. This Hurwitz White Paper proposes Bit9 Parity as one solution.

A careful reading of the various solutions available to businesses show that they all attempt to solve the same problem we all encounter: How do you insure that what you install is clean? The marketing game, of course, is to convince the consumer that this or that solution is the best.


---