From: Jon Clay (MKT-US)
Sent: Thursday, September 09, 2010 10:15:56 PM
To: Paul Ferguson (RD-US); Newsbank
Subject: RE: NEWSBANK:: Antivirus isn't dead--it's growing up
A few points from this article I thought were relevant to us.
However, the tests are to be taken with a grain of salt given the variances in testing standards.) Appears AMTSO has their work cut out for them as it seems more and more reporters are saying this same phrase.
But malware writers are adept at testing their code against the antivirus software and tweaking it until it passes through undetected. This is one of our key arguments on why file-based testing should be taken with a grain of salt. When you test file samples that only come from the same vendors who participate in the test, how real-world is that?? Samples should be sourced at the time of the test and should NOT be obtained by anyone other than the tester.
"In the smartphone world, the answer will not be putting antivirus clients on every phone," said Pescatore. "The answer will be (malware) filtering by cellular carriers...Everything that goes on the phone has to go through the carrier." And where will these carriers get their threat intelligence? This is where Trend Micro’s Smart Protection Network should come into play as they can access our intelligence easily through the cloud.
"It's a fascinating time for AV," he said. "Rumors of its death have been greatly exaggerated over the last few years." As we heard Eva state in HiComm, there is a shift happening and we need to take advantage of it. Protection For and From the Cloud is key, and we have the answers now.
Sr. Core Technology Marketing Manager
September 8, 2010 4:00 AM PDT
Antivirus isn't dead--it's growing up
We've been hearing it for years: antivirus software is dead. But is it really? If so, it seems to have more lives than Richard Nixon.
Rather than being the industry's swan song, mobile devices could be its redemption opportunity.
The antivirus industry is in major transition as threats have evolved from being just the viruses and worms written to exploit holes in Windows that plagued computers in the 1990s to the exploits that target vulnerabilities in Web applications and end user gullibility today.
Many consumers fork over at least $40 for Norton AntiVirus or something similar, many more are turning to free antivirus from AVG or Avast (here's why), and yet millions of computers are still getting hit with infections daily.
While no antivirus software is perfect, the perception that AV often isn't doing a good enough job is backed by studies. Recent benchmark tests pegged the average detection rate among major antivirus products at about 75 percent. (In one test, three out of 10 products stopped all of the original exploits, but the vendors are not named. However, the tests are to be taken with a grain of salt given the variances in testing standards.)
Antispyware and antispam have become standard in most AV, or antimalware, products as vendors have expanded their software into endpoint protection suites. And many have begun placing as much emphasis on heuristic technologies that look at the behavior or reputation of a piece of software as well as matching it to a database of malware signatures. But malware writers are adept at testing their code against the antivirus software and tweaking it until it passes through undetected.
As an alternative, some people are turning to whitelisting technologies that allow only approved programs to run on a computer. Whitelisting is akin to the closed environment of the iPhone where Apple vets every app and is largely effective in protecting the devices, said Gartner analyst John Pescatore. (Bruce Schneier discusses the problems with whitelisting in his essay from last year on the state of the antivirus industry.)
"Antivirus in the e-mail server does a lot of good things...(but) antivirus on people's desktops is almost totally ineffective," Pescatore said. "The antiviral model has been broken for quite a while."
With the fast rise of smartphones and new electronics like iPads, the big challenge for antivirus companies is how best to protect those devices.
It's obvious the traditional antivirus software model won't work, in large part because handheld devices have limited processing power, memory and storage, said Rebecca Bace, chief executive of Infidel, a security consultancy. That's where the cloud comes in, she said.
"There is market demand from the consumer that this will be rolled in as part of the service," Bace said. "This is part of the utilization of network access; something you expect a provider to offer. When I sign up with Verizon, to a degree I'll have the expectation that they'll handle all the security stuff."
Pescatore has a similar view of the future of mobile security.
"In the smartphone world, the answer will not be putting antivirus clients on every phone," said Pescatore. "The answer will be (malware) filtering by cellular carriers...Everything that goes on the phone has to go through the carrier."
Clearly, the antivirus space is grappling with how to move to mobile, said Hugh Thompson, who serves as chair of the RSA Conference and is founder of consultancy People Security and an adjunct professor of software security at Columbia University.
"The challenge for antivirus is how to adapt to new devices, how to allow users to make better choices around what they're doing, and from a business perspective it's coming down to the cloud--what does antivirus mean in the cloud?," he said. "Those three points will define AV over the next two to three years."
Mobile is likely a big reason behind Intel's $7.6 billion acquisition of McAfee, according to Thompson. "For Intel to buy McAfee, they can build some synergies there so that when the chip is released they will have an antivirus solution that supports the chipset and the platforms that come on it," he said.
In general, a big part of the problem for people today is the fact that they are putting so much of their lives on the Web and they don't realize that that data, albeit in numerous different Web sites and sources, can be easily used to trick them into accepting malware with open arms. Sites like Facebook, LinkedIn, and Twitter have expanded people's circles of friends and acquaintances exponentially and that can be used to advantage in personalized attacks.
Antivirus will eventually have to defend against social engineering attacks as well as malware, Thompson said.
For instance, an e-mail coming from someone claiming that they met you at an event a few months back and you have a friend in common is more likely to be trusted than one with a generic reference like "LOL is this you?" with a link that appears to lead to a video.
"In the future, an antivirus product will go out and analyze the information and say this is the data that is out there on the Web, this could be a legitimate person, but it will make you aware that you are connected to this person on LinkedIn and you tweeted about a meeting five months ago," Thompson said. "That context sensitive level of threat information is going to be really important in the future."
"It's a fascinating time for AV," he said. "Rumors of its death have been greatly exaggerated over the last few years."
"Fergie", a.k.a. Paul Ferguson
Trend Micro, Inc., Cupertino, California USA