Network World

Has the end arrived for desktop antivirus?

Analysts say traditional desktop antivirus, signature-based protection won’t protect corporate jewels — whitelisting, behavior-blocking technology is the answer
By Ellen Messmer, Network World, 04/05/2007

Is the bell tolling for desktop antivirus technology?

Some industry analysts are proclaiming the traditional antivirus method for detecting and eradicating viruses, trojans, spyware and other baneful code by matching it against a signature to be “dead.”

They say signature-based checking can’t keep up with the flood of virus variants manufactured by a criminal underworld that is beating the antivirus vendors at their own game. And they are arguing it’s time for companies to adopt newer approaches, such as whitelisting or behavior-blocking, to protect desktops and servers.

UPDATE 4/25/07: McAfee, Symantec, Trend Micro reveal their plans

“It’s the beginning of the end for antivirus,” says Robin Bloor, partner at consulting firm Hurwitz & Associates, in Boston, who adds he began his “antivirus is dead” campaign a year ago and feels even more strongly about it today. “I’m going to keep beating this drum. The approach antivirus vendors take is completely wrong. The criminals working to release these viruses against computer users are testing against antivirus software. They know what works and how to create variants.”

The fundamental problem “isn’t about viruses, it’s about what should be running on a computer,” Bloor says.

Instead of antivirus software, he says, users should be investing in whitelisting software that prevents viruses from running because it only allows authorized applications to run.

Whitelisting products are available from SecureWave, Bit9, Savant, AppSense and CA, the first traditional antivirus vendor to see the light, in Bloor’s view.

Others are joining Bloor’s way of thinking. Andrew Jaquith, a security analyst at Yankee Group, in December published a research paper entitled “Anti-Virus is Dead: Long Live Anti-Malware.” Yankee Group’s research indicates that there’s an “explosion” in cumulative malware variants, with 220,000 cumulative unique variants expected in 2007, a tenfold increase over 2002 levels.

The antivirus vendors simply can’t keep up, Jaquith says, noting that some antivirus lab managers privately complain this flood of virus variants, which force signature changes every 10 minutes, adds up to the equivalent of a denial-of-service attack against them.

“Most antivirus labs work the same way; they get more samples than they can handle on a daily basis,” Jaquith says. “They triage based on severity. The antivirus people are like folks with nets trying to catch the big fish, so if you’re a bad guy, you want to be a minnow and get through the driftnet.”

Comments (17)

Previx 2.0
By Gaz on June 15, 2007, 5:50 am
Just installed Previx after getting the smanager.7.exe whatever which kept causing pop-ups which stopped everything working on my computer. Upon restart, it blocked...

Signature-Based Products Are Not Enough
By Joseph on May 17, 2007, 11:44 am
Are signature-based products useless? I would contend that they are not. However, their effectiveness is sharply declining in light of the new breed of security...

signatures are not dead...
By Mohit on April 25, 2007, 2:06 pm
Signatures are not going away anytime soon. I wrote about Host IPS on my blog http://securetheworld.blogspot.com A snippet from there: Interestingly, the term...

Interesting question but...
By Elder Norm on April 24, 2007, 10:41 am
While the replies above are interesting, I have to ask, "If you were to run an internet accessing desktop system with none of the standard virus protections in...

Application Control is the way to go!
By Michael Burton on April 16, 2007, 4:22 pm
I agree with the argument that traditional methods are not effective enough when it comes to desktop security. Application control based on policy is the next logical...
