Anti-Virus Protections vs Behavior Blocking Software

For the past several years, I have read how poorly anti-virus programs actually protect our systems, since they are reactionary and only provide protection after a virus is identified and the threat neutralized. I have often thought that a product that actually alerts the user of a threat by stating “hey, some program is trying to mess with your system” made more sense. And over the years I have used several different products that actually provide some type of a warning, but not exactly like I stated above. Two such programs I use on my system are WinPatrol and Startup Monitor, both of which I have written about in the past.

Does this mean that I have given up on anti-virus protections? No way. I still employ an A/V program or two, just in case. And I also go out on the web about once a month or so and do an online scan, since there is no single program that is going to provide 100% protection 100% of the time, IMHO. There is always the chance that some hacker is going to be able to outsmart any protections, no matter how smart the protection is. So employing multiple layers seems like the best way to proceed.

So it was with profound interest that I read an excellent article by Ellen Messmer over at Network World, in which she has provided extensive insight into this very subject. She states in her article:

“Some industry analysts are proclaiming the traditional antivirus method for detecting and eradicating viruses, trojans, spyware and other baneful code by matching it against a signature to be “dead.”

They say signature-based checking can’t keep up with the flood of virus variants manufactured by a criminal underworld that is beating the antivirus vendors at their own game. And they are arguing it’s time for companies to adopt newer approaches, such as whitelisting or behavior-blocking, to protect desktops and servers.”

So does this mean that we throw away our anti-virus programs? Nope. We just need to supplement them with other software, like the free ones I have mentioned.

Network World article.

2 Comments

When I have someone who has been infected by a virus, it is usually because they have shut off the resident component of the antivirus program. The worst offenders are the ones that operate in heuristic fashion. They usually slow down the machine greatly. I tell these people to reboot after their game play [usually why they felt the need to shut off the antivirus component] so that the component will start up again. It would be nice if this advice was followed, but because we’re all human, it gets pushed aside or forgotten about.

You’d think it would make more people want to move to a *nix variant, where this wouldn’t be a problem.

Hi Marc,
Thanks as always for your comment. I think that a mixed environment is a great idea. Hopefully people will heed your warnings.

Ron
