Signature Scanning: 'I'm Not Dead Yet'


Signature based scanning may not be exciting, but it's a fundamental and useful part of computer security. There's no question that conventional antivirus protection has become boring, as well it should be. There should be nothing exciting about it. But I think it goes over the top to say that it's "dead." "Commoditized" might be a better word.

Let's recall the arguments for why anti-virus protection is now inadequate. The main one is that it can only detect known attacks, those for which it has a pattern or signature in place. This isn't completely true; Good AV products do detect some generic attacks based on suspicious structures in files, and these are detections that happen in the real world. Signature Scanning: 'I'm Not Dead Yet'

Linked by shanmuga Thursday, 14th December 2006 11:59PM