Saturday, June 16, 2007

Bye Bye Anti-Virus?

Recently I read an interesting article regarding Anti-Virus (AV) technology. The article reports that AV technology is dying and will be replaced by a technology called whitelisting. Some of the trends that we are seeing today are that major AV companies are trying to acquire whitelisting technology, and that new whitelisting startups are on the rise. More on this article can be read on The Register.

One of the whitelisting vendors mentioned in the article was SignaCert, so I did some research on their site. The basis of whitelisting is software authentication. According to SignaCert, a whitelist is a repository of identified authentic individual data elements (file signatures generated using cryptographic hashing techniques) that are used to validate the integrity of contents on devices (such as files stored on PCs).

For whitelists to be effective, they should contain software signatures and metadata for a wide range of commercially available software relevant to an enterprise’s specific needs. These signatures and metadata should be derived from the source and come from verifiable, authentic sources. They need to be continually synchronized with the continuous changes vendors make to their software. The repository should provide simple and flexible mechanisms for extending it with both commercial and internally developed custom applications, as well as flexible and easy-to-use mechanisms for organizing the whitelists.
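The repository described in the two paragraphs above can be sketched in a few lines. This is an added example, not SignaCert's code or format: the `Whitelist` class, the choice of SHA-256, the vendor name `ExampleSoft` and all file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def file_signature(path):
    """Signature of a file: SHA-256 over its contents (hash choice is an assumption)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class Whitelist:
    """Hypothetical repository: signature -> metadata, plus an index by file name."""
    def __init__(self):
        self.by_signature, self.by_name = {}, {}

    def add(self, path, vendor, product, version):
        sig = file_signature(path)
        self.by_signature[sig] = {"vendor": vendor, "product": product, "version": version}
        self.by_name.setdefault(Path(path).name, set()).add(sig)

    def check(self, path):
        """Classify as authentic, modified (known name, unknown content) or unknown."""
        meta = self.by_signature.get(file_signature(path))
        if meta is not None:
            return "authentic", meta
        if Path(path).name in self.by_name:
            return "modified", None
        return "unknown", None

def demo():
    """Build a whitelist from constructed reference files, then check a constructed device."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, dev = Path(tmp, "reference"), Path(tmp, "device")
        for d in (ref, dev): d.mkdir()
        (ref / "editor.exe").write_bytes(b"editor build 1.0")       # commercial software
        (ref / "payroll.py").write_bytes(b"print('payroll v3')")    # internal custom app
        wl = Whitelist()
        wl.add(ref / "editor.exe", "ExampleSoft", "Editor", "1.0")
        wl.add(ref / "payroll.py", "internal", "Payroll", "3")
        (dev / "editor.exe").write_bytes(b"editor build 1.1")       # vendor update
        (dev / "renamed.bin").write_bytes(b"editor build 1.0")      # same content, new name
        (dev / "payroll.py").write_bytes(b"print('payroll v3')#x")  # altered copy
        (dev / "newtool.exe").write_bytes(b"never catalogued")
        before = {p.name: wl.check(p)[0] for p in sorted(dev.iterdir())}
        (ref / "editor.exe").write_bytes(b"editor build 1.1")       # synchronize with vendor
        wl.add(ref / "editor.exe", "ExampleSoft", "Editor", "1.1")
        after = wl.check(dev / "editor.exe")
        return before, after

if __name__ == "__main__":
    print(demo())
```

The updated `editor.exe` is reported as modified until the repository is synchronized with the vendor's release, which is why the continual synchronization requirement matters in practice.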

The goal of all this, and of the other fancy products they have, is to ensure the integrity of the IT platform, whether that means the files stored on servers/PCs or configuration, registries, etc. Besides this, there are other products out there that specialize in file integrity; one of the most widely used and popular is Tripwire.

With all this, I wonder if signature-based virus detection will become obsolete and whitelist technology will take over. Or will other technologies come to the surface as they gain more production value, such as more adaptive and intelligent techniques for detecting such malware? One such interesting project I came across some time back is the Janus (the intelligent firewall) project by InSeon Yoo. This project has a non-signature-based virus detection module.

Whatever the future holds, I believe this battle with viruses and other malware will never end unless more innovative and intelligent solutions are developed.
