It’s been a while since security vendors clashed on technology and made “bold” statements referring to the competition. Maybe it is the recession, and in an attempt to grab some attention (and bolster sales), come statements such as “Heuristics are dead” (with a response from Sunbelt), and a direct jab at a competitor from Damballa.
My positions on these are clear – signatures are pretty much the past, but still have their place as a “last mile” solution that can speed up scanning for known threats. Heuristics are the natural evolution of signatures in the binary world, and the main focus should be on dynamic real-time scanning of web content which is the actual attack vector that eventually (when and if successful) brings in the binaries that the signatures/heuristics need to scan.
Not to side with anyone in particular on this matter, this kind of communication is usually not that helpful for people looking to get a security solution. I would opt for the more educational “this is what the threat looks like, this is what you would usually get from other vendors, and this is our edge which makes us better”. This approach may open another Pandora’s box – the “independent” testing labs, but that’s another issue to be dealt with (how independent is the test, what is the test focused on, test material and samples, configuration, who sets the guidelines, etc…).
Nevertheless, I hope that we’ll see some more informative and research-oriented (or at least research-based) statements that we could all benefit from the next time someone rolls out a new technology.