Anti-Virus Protections vs Behavior Blocking Software

Posted by on Apr 9, 2007 | 8 Comments

For the past several years, I have read how poorly anti-virus programs actually protect our systems, since they are reactionary and only provide protection after a virus is identified and the threat neutralized. I have often thought that a product that actually alerts the user to a threat by stating “heh, some program is trying to mess with your system” made more sense. And over the years I have used several different products that actually provide some type of a warning, but not exactly like I stated above. Two such programs I use on my system are WinPatrol and Startup Monitor, both of which I have written about in the past.

Does this mean that I have given up on anti-virus protections? No way. I still employ an A/V program or two, just in case. And I also go out on the web about once a month or so and do an online scan, since there is no single program that is going to provide 100% protection 100% of the time. IMHO. There is always the chance that some hacker is going to be able to outsmart any protections no matter how smart the protection is. So employing multiple layers seems like the best way to proceed.

So it was with profound interest that I read an excellent article by Ellen Messmer over at Network World, in which she has provided extensive insight into this very subject. She states in her article:

“Some industry analysts are proclaiming the traditional antivirus method for detecting and eradicating viruses, trojans, spyware and other baneful code by matching it against a signature to be “dead.”

They say signature-based checking can’t keep up with the flood of virus variants manufactured by a criminal underworld that is beating the antivirus vendors at their own game. And they are arguing it’s time for companies to adopt newer approaches, such as whitelisting or behavior-blocking, to protect desktops and servers.”

So does this mean that we throw away our anti-virus programs? Nope. We just need to supplement them with other software, like the free ones I have mentioned.

Network World article.


  • marc klink

    When I have someone who has been infected by a virus, it is usually because they have shut off the resident component of the antivirus program. The worst offenders are the ones that operate in heuristic fashion. They usually slow down the machine greatly. I tell these people to reboot after their game play [usually why they felt the need to shut off the antivirus component] so that the component will start up again. It would be nice if this advice was followed, but because we’re all human, it gets pushed aside or forgotten about.

    You’d think it would make more people want to move to a *nix variant, where this wouldn’t be a problem.

  • http://wp3.lockergnome.com/nexus/blade/ Ron Schenone

    Hi Marc,
    Thanks as always for your comment. I think that a mixed environment is a great idea. Hopefully people will heed your warnings.

    Ron

  • Mike Adams

    The author here posts as if he’s an expert, but fails to identify himself or his credentials beyond “Guest Blogger”.

    • http://opiniond.com/ Mariano Calixte

      Brandon Wirtz
      SEO/SEM, Mercenary at Blackwater Ops

      Currently employed as:
      - Mercenary at Blackwater Ops
      - Voting Member at SMPTE
      - Evangelist at Microsoft MVP

      Past jobs:
      - Director of Content Innovation and Technology at ZillionTV
      - Compressionist at Microsoft
      - Evangelist at WINNOV

      All that according to this LinkedIn profile: linkd.in/Wirtz

  • Anonymous

    please re-read and see his name…………..

  • http://opiniond.com/ Mariano Calixte

    Brandon Wirtz (the author) according to his LinkedIn profile is an “Evangelist at Microsoft MVP”

    I agree with most of what he says here, but isn’t it quite obvious which interests he is defending here?

    LinkedIn profile: linkd.in/Wirtz

    • http://www.blackwaterops.com Brandon Wirtz

      I was a Server Evangelist, and Unpaid in that role, but thanks for playing.