The Next Big Thing

The introduction of signatures in-the-cloud and community-based reputation analyses have been among the most noteworthy anti-virus advancements of late.

What’s next? What are the new emerging technologies and approaches that users might expect to see in the 2011 and 2012 editions of anti-virus products?

 

I still think theirs more potential in behavior based technology. I think we have only touched the surface of its potential.

I also think that Sandboxing is going to start becoming popular with vendors. A race is going to start for which vendor can create the best sandbox and which vendor can put the sandbox so well into their software the user will use it.

 

im gunna have to say behavior blocking and sandboxing is also the best way for the future, HIPS will never completely catch on with the general public, but behavior blockers are becoming more and more intelligent as time goes on. and lots of people have problems in trusting a cloud based solution so i dont think that will fully catch on either, least not yet.

 

i want a super vaccine to make my PC immune to all the threats in the web, is that possible? oh right finish AV and security software business lol

 

Just turn it off man!
And make sure to never turn it on again

 

I agree with you. Security programs, as children were expected to in past eras, need to "be quiet and stay out of the way" (strange example, yes, but it works). I truly don't think security will ever be or even can be completely automatic. There are just too many variables/situations where a user will need to know something is amiss for one thing. For another, malware tech progresses daily.

Firewalls, HIPS, most behavior blockers are still far too chatty to be considered "for the masses". But, out of those three, I believe behavior blockers are making the most progress in regards to effectiveness and the requirement of being quiet. Sandboxing of course is the ultimate in staying silent and out of the way. But, the bad news is that I have a feeling virtualization programs are going to become targeted by malware more and more in the future. But then again, what security method isn't always eventually targeted?

There's no "win" in the war between security vendors and malware writers. It will always be a "win some ground, lose some ground" battle, no matter how good the next big thing will be.

 

I prefer HIPS over behavior blockers

I don't think sandboxing is good for low resources computers, it slow downs programs. But it is definitely one of the next steps.
Behavior i think are the next big thing, considering they offer good protection with minimum impact. But still it needs user input sometimes

 

Maybe a combination of whitelisting, blacklisting and greylisting would make sense ? Not saying that it will catch on.

Traditionally, AVs rely on blacklisting. Whitelisting could be good, although there is the issue about how to whitelist something. Digital certificates can be unreliable. Hash etc. might work better.

Greylisting: unknown. Behavioural analysis ? Run those programs in a sandbox ? Warn the user about the risk ? Third party cloud analysis ?

Perhaps some form of anti-executable/applocker for greylisting ?

I'm not saying it is going to happen. But it might make sense.

 

Hints of what may come...

 

I wanna test this now please.

 

i put my neck out and say that the next big security thing is gonna be the av hardware cards that kaspersky patented recently and was in some listing on this forum. the price will drop as usual if they are a hit and get to be mass produced or are adopted by some vendor like dell

 

The security vendors can't win in reality or they would cease to exist. Malware writers have the advantage. The next big thing will be a self-perpetuating virus that corrupts the code of malware then following the string of malware hosting IP's; it infects the malware coders machines with a McAfee virus that uses all their systems resources. That way they cannot write anymore malicious code. PROBLEM SOLVED.

 

Haha! I LOL'ed at this one.

 

Put the pipe down.

 

Consider this quote from Popular Science magazine:

Anti-virus hardware cards as the next big thing? Guess when this quote was published: 1993!

 

I think the cloud based AV's will implement a boot time immunizer, like regrun allready has.

With regrun you can download a removal script/file. The Swat idea is problably along these lines.

Behavioral detection for rootkits (the direction avast seems to implement)

PE execution and packed file emulation in a sandbox