Feeds

* Posts by kareldjag

1 post • joined 29 Jun 2007

The decline of antivirus and the rise of whitelisting

kareldjag

Real need of Antivirus mutation

"Antivirus are dead" or whitelist approach as the substitute of the blacklist, well this is here quite excessive: what about classical users who are the champions to surf on porn sites, p2p networks or warez (video games for free)...how can they filter infected files from safe file? by an analysis with a debugger on a test environment?

The future of "Defense in dep" in any environment (home or corporate) is a combination of several technologies and security models and approaches; virtualization (in vogue, higly appreciated by "cost killers"), black list softs (antivirus, web filters), white list softwares (HIPS and anti-spam for instance), hardwares protection (antivirus in the chipset, antirootkit like Copilot), Rollback or reboot and restore softwares (DeepFreeze etc)...

But there's a fact: antivirus need to operate their mutation: an antivirus only based blacklist is not currently an interesting investment: a behvioural analysis module for instance could be a plus:

That's was demonstrated by "A-B-C" by the test of the Security Sofware Testing Alliance:

http://ssta.over-blog.fr/article-10792223.html

I suggest the read first of the last article: "antivirus: the antimarketing test".

Let's imagine the result with a pure antivirus..RIDICULOUS...

Regards

0
0