What does the future hold for signature-based antivirus? We've got some expert opinions on the subject.
Not just whitelisting
Traditional, signature-based antivirus software has its uses. If a system is actually infected by malware, it "may be the least painful way of removing it", says David Harley, administrator of Avien, the antivirus information exchange network, adding, "Whitelisting does seem to be advocated currently as the panacea du jour.
"I think this relentless search for The Answer, discarding one partially successful solution set for something else in the hope that it will eliminate the problem, is actually unprofessional."
Harley makes that argument because he doubts that any single technology will be a 100 percent solution when it comes to security. He wrote that whitelisting is thus likely to be a supplemental technology for fighting malware, one of a host of newer technologies that have been adopted, including heuristics, sandboxing and behaviour monitoring.
This layered approach is increasingly being espoused by major security software vendors, too.
And corporate CIOs certainly don't expect to find one answer to their problems. "If you rely on signatures for security, you're pretty much dead in the water," says Ken Pfeil, head of information security for the Americas Region of WestLB, a German bank.
Pfeil thinks signatures are useful and his firm uses them. But when new malware appears, he often finds it faster to try to break it down himself to understand its potential effects, rather than to wait for his vendor to give him an update. His firm has also adopted tools that use heuristic techniques and anomaly testing, to add oomph to its antivirus approach.
That kind of layered approach to software fits with where Natalie Lambert, an analyst at Forrester Research, thinks the market is going. She says that signature-based antivirus is 'table stakes' for security software, and techniques like heuristic information processing systems (HIPS), which looks for suspicious actions by software, like an application opening itself from the Temp folder.
Lambert says McAfee is probably furthest along in using HIPS among the big antivirus makers, having had more time than its rivals to use new features added via corporate acquisitions.