
Tuesday, July 24, 2007

The emperor is not naked!

I was reading the SANS journal for this morning (in my time zone :-)), titled "Antivirus: The emperor is naked", and got a little upset (probably because it's very hot here and I hadn't had my morning tea yet :-D). If you are like me (e.g. lazy) and don't want to go over to read the post (btw, subscribe to SANS, they are a great information source), the short version of it is that AV can't cope with some advanced malware served up through exploits which is transformed each time somebody downloads a copy (that is, you can't download two identical copies).

The reality is: while there are many drawbacks to AV (and to blacklisting in general) and this certainly is a problem, all of the successful AV companies have moved away from simple signatures (like searching for one or more fixed byte sequences) to more complex methods. And anything that is generated by an algorithm in finite time (like this malware) can be identified by an algorithm (the AV software).

The post does have a very valid point, however: corporations where the variety of software in use is limited should move away from a blacklist approach to a whitelist approach for maximum safety.
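To make the two points above concrete, here is an added example (not code from the post, SANS, or any AV vendor). It constructs a toy "server-side polymorphic" sample: an invariant body hidden behind a per-download single-byte XOR layer, so no two copies are byte-identical. A fixed byte-sequence signature misses every copy, while a detector that normalises the encoding layer first (here by trying all 256 XOR keys, one of the classic "more complex methods") catches all of them. The last part shows the whitelist alternative: a default-deny check against SHA-256 hashes of software the organisation has approved. The sample bytes, the XOR scheme, and the hash allowlist are all constructed for illustration.

```python
import hashlib

# Constructed sample body (not real malware). This is the part that stays
# invariant across downloads; only the encoding layer around it changes.
INVARIANT_BODY = b"constructed-sample-body: payload marker for the demo"

# The fixed byte sequence a naive signature-based scanner would look for.
SIGNATURE = b"payload marker"


def encode_copy(body: bytes, key: int) -> bytes:
    """Simulate the server handing out a freshly re-encoded copy per download:
    a one-byte header carrying the key, followed by the body XORed with it."""
    return bytes([key]) + bytes(b ^ key for b in body)


def signature_scan(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Naive AV: exact byte-sequence match on the file as downloaded."""
    return signature in data


def xray_scan(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Normalising AV: strip the (assumed) single-byte XOR layer by trying every
    key and searching the decoded stream. The encoder runs in finite time with
    a small key space, so the decoder can simply enumerate it."""
    for key in range(256):
        decoded = bytes(b ^ key for b in data)
        if signature in decoded:
            return True
    return False


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def allowlist_check(data: bytes, allowed_hashes: set) -> bool:
    """Whitelist approach: a file runs only if its hash is on the approved list.
    Anything unknown, including a never-seen-before polymorphic copy, is denied
    without the scanner needing to know anything about it."""
    return sha256_hex(data) in allowed_hashes


def demo() -> dict:
    """Run both detection strategies against two distinct downloads of the
    same sample, plus the allowlist against an approved and an unapproved file."""
    copy_a = encode_copy(INVARIANT_BODY, 0x5A)  # first download
    copy_b = encode_copy(INVARIANT_BODY, 0xC3)  # second download, different key

    # Constructed "approved" application binary for the allowlist.
    approved_app = b"constructed approved application bytes v1.0"
    allowed = {sha256_hex(approved_app)}

    return {
        "copies_identical": copy_a == copy_b,          # False: no two copies match
        "signature_on_a": signature_scan(copy_a),       # False: fixed bytes miss
        "signature_on_b": signature_scan(copy_b),       # False
        "xray_on_a": xray_scan(copy_a),                 # True: normalised, then matched
        "xray_on_b": xray_scan(copy_b),                 # True
        "allowlist_approved_app": allowlist_check(approved_app, allowed),  # True
        "allowlist_copy_a": allowlist_check(copy_a, allowed),              # False
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The XOR brute force stands in for whatever normalisation step (unpacking, emulation, decoding) a real engine applies before matching; the point is that the detector works on the invariant part the generator cannot change, not on the bytes that vary per download. The allowlist needs no such cleverness at all, which is why it suits environments with a small, known software inventory.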
