Why Antivirus Technology Is Ineffective

Search
Archives
Categories
- News (103)
- Tips (50)
- Tools (210)
  - Anti-Spam (19)
  - Anti-Spyware (22)
  - Anti-Virus (24)
  - Content Filtering (20)
  - Disassembler (4)
  - Encryption (33)
  - Firewall (27)
  - Forensics (12)
  - Freeware (149)
  - Hardware (22)
  - IDS/IPS (43)
  - Linux/Unix (125)
  - Live CD (8)
  - Network (157)
  - OSX (80)
  - Packet Sniffer (32)
  - Password Cracker (8)
  - Patch Management (9)
  - Port Scanner (24)
  - Proxy (14)
  - VPN (16)
  - vulnerability Scanner (54)
  - Windows (123)
  - Wireless (17)
Books

Security Books

Robin Bloor at BusinessWeek writes that many malware blockers are inadequate because they target only known intruders, and says there’s hope in new security products. He points to a practical solution, which is similar to “burglar alarm” that sounds when anyone you don’t know tries to enter the house.

The practical solution is to have a “burglar alarm” that sounds when anyone you don’t know tries to enter the house. Deceptively simple, isn’t it? But security products that work in this way have only recently been introduced.

The first company to offer such a product was SecureWave, in 2001. Since then three other companies—AppSense, Bit9, and Savant Protection—have introduced products that work in this way. Instead of focusing on identifying malware, these products manage a full record—a so-called white list—of the valid programs, and prevent other programs from running, or, if necessary, run unrecognized programs in quarantine until their nature becomes clear.

I agree that the idea is simple and good, it’s similar to what a personal firewall does by maintaining a list of approved applications, where user chooses the legitimate applications. But the products such as AppSense gives full control to the administrator, end users cannot install any application by themselves. This should be a good solution for many enterprises, the only concern though would be too many false alarms and administration overhead.