* Posts by Andrew Radley

1 publicly visible post • joined 27 Jun 2007

The decline of antivirus and the rise of whitelisting

Andrew Radley

Polarised views so far

Neither solution is perfect - this is the nature of security.

I very much doubt that the implementation of whitelisting will require a new check every day to get your normal applications to work. It will cache these results and only need to go 'outside' for new files. This will make it viable for most things - except macros I would have thought. But what is it going to do with data files which have been infected and are using buffer over-run vulnerabilities to execute arbitrary executables on the user's PC? Surely they're not going to try to put ALL files into a database.

Desktop AV is good at what it does - detecting known viruses on the desktop. It's not so good at catching the new viruses for one very good reason - we expect it to be very fast. If AV is given more time, it will be better at detecting new viruses, but our users expect everything yesterday, so we daren't turn up the wick on the detection for fear of them complaining their PC is running 0.5% slower than it was yesterday.

Sounds to me like whitelisting will become a major technology, but as part of an AV solution, not the whole.

Andrew Radley

StreamShield Networks
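
The caching behaviour described in the post above, as an added example that is not part of the original post or of any vendor's code: verdicts are cached by content hash, so the check only goes 'outside' for content it has not seen before, and a changed file is looked up again. The `remote_lookup` callable, the `KNOWN_GOOD` set and the file contents are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Constructed stand-in for the external database of approved file hashes.
KNOWN_GOOD = {hashlib.sha256(b"normal application v1").hexdigest()}


class CachingAllowlist:
    """Allow a file only if its content hash has an approved verdict."""

    def __init__(self, remote_lookup):
        self.remote_lookup = remote_lookup  # hypothetical external service
        self.verdicts = {}                  # local cache: digest -> bool
        self.remote_calls = 0               # how often we went 'outside'

    @staticmethod
    def digest(path):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()

    def is_allowed(self, path):
        # Key the cache on content, not on path: a file that changes on
        # disk gets a new digest and therefore a fresh lookup.
        d = self.digest(path)
        if d not in self.verdicts:
            self.remote_calls += 1
            self.verdicts[d] = self.remote_lookup(d)
        return self.verdicts[d]


def demo():
    wl = CachingAllowlist(lambda d: d in KNOWN_GOOD)
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "app.bin")
        with open(app, "wb") as f:
            f.write(b"normal application v1")
        first = wl.is_allowed(app)    # unseen content: one remote lookup
        second = wl.is_allowed(app)   # same content: served from cache
        calls_after_repeat = wl.remote_calls
        with open(app, "wb") as f:    # same path, different bytes
            f.write(b"normal application v1 + patched bytes")
        modified = wl.is_allowed(app)
    return first, second, calls_after_repeat, modified, wl.remote_calls


if __name__ == "__main__":
    print(demo())
```

Hashing still reads every file on each check; the cache only removes the external round trip.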