The great AV vs. AV debacle starts again?

It’s been a while since security vendors clashed on technology and made “bold” statements referring to the competition. Maybe it is the recession, and in an attempt to grab some attention (and bolster sales) come statements such as “Heuristics are dead” (with a response from Sunbelt), and a direct jab at a competitor from Damballa.

My positions on these are clear – signatures are pretty much the past, but still have their place as a “last mile” solution that can speed up scanning for known threats. Heuristics are the natural evolution of signatures in the binary world, and the main focus should be on dynamic real-time scanning of web content, which is the actual attack vector that eventually (when and if successful) brings in the binaries that the signatures/heuristics need to scan.

Not to side with anyone in particular on this matter, this kind of communication is usually not that helpful for people looking to get a security solution. I would opt for the more educational “this is what the threat looks like, this is what you would usually get from other vendors, and this is our edge which makes us better”. This approach may open another Pandora’s box – the “independent” testing labs, but that’s another issue to be dealt with (how independent is the test, what is the test focused on, test material and samples, configuration, who sets the guidelines, etc.).

Nevertheless, I hope that we’ll see some more informative and research-oriented (or at least research-based) statements that we could all benefit from the next time someone rolls out a new technology.
