Friday, August 14, 2015

Signatures, product testing, and the lingering death of AV

Virus Bulletin recently published a paper of mine on ‘Hype heuristics, signatures and the death of AV (again)’. If you’re one of the people who’ve followed my writing over the last couple of decades (hi, how are you both?) the general thrust of the paper won’t surprise you. After all, it’s only a couple of years since Larry Bridwell and I asked in a paper for AVAR 2013 ‘Whatever happened to anti-virus?’, looking at all the misconceptions and distortions the anti-malware industry has attracted. Especially the one about how scanners are supposed to detect only known malware, using static signatures. Er, no…
It’s not that the anti-malware industry – or the anti-virus industry, as its critics continue to call it, possibly in the hope that no-one will notice that it detects a good deal more than viruses and has done for many years – is beyond criticism. Indeed, perhaps the time has come for an informed re-evaluation of its role and context in the security industry. However, it does irritate me when criticism is based on lack of knowledge or, even worse, on a desire to mislead in the hope of diverting market share from mainstream anti-malware towards the critic’s own product.

