Need to protect a critical machine? Use Whitelisting, not Antivirus



(Figure: 2002 Good vs. Bad)

And now a mainstream antivirus vendor is saying this too.



First of all, I have no dog in this fight, and no product to sell you. But I have seen the antivirus industry from the inside out, and I have paid a lot of attention to the Virus Bulletin website for a long time.



Recently, a few things have made me realize that it's time to turn things upside down. You can no longer protect against the bad; Stuxnet and Flame bear witness to this fact, since the AV industry did not detect them for years. The graph on the left shows the good executables compared to the bad (malware) executables in 2002. Now let's look ten years later. Malware writers have fast-forwarded a few generations and automated the generation of malware. The next graph shows the situation now. As you can see, it is high time for the proverbial paradigm shift.

(Figure: 2012 Good vs. Bad)

There is too much malware out there, and the antivirus concept of keeping bad code out has essentially been overtaken. The best illustration of this is the recent analysis by the University of Alabama, which looked at the most recent 30 days of phishing attacks and what percentage of antivirus products protected against these new flavors of malware. A horrifying one in five caught the malware, and this is across more than 20 leading brands! I have blogged about this here. You read that right: a whopping 80% of the existing antivirus products did not catch these attacks. And it's objective Virus Bulletin data! Ouch.



Now McAfee essentially admits defeat and, together with the Pacific Northwest National Laboratory, states that if you have machines that are critical for infrastructure, whitelisting and related technologies are the best solution. The researchers conclude that it is time to switch from blocking bad code to allowing only good code. If you are not an electricity utility or a municipal water plant, the same reasoning applies to your machines in accounting, your development servers, and any machine that holds intellectual property. And educating your users is needed more than ever, which makes for happy admins and a lot fewer malware infections.
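To make the "block bad" versus "allow only good" distinction concrete, here is a small Python illustration written for this post; it is not code from the whitelisting whitepaper or from the McAfee/PNNL report. It models the antivirus approach as a hash blocklist (default allow) and whitelisting as a hash allowlist (default deny), then baselines a throwaway directory and audits it after a simulated intrusion. The byte strings and file names (ledger.exe, update.exe and so on) are constructed stand-ins for real executables.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-ins for executables; the byte strings are not real programs.
APPROVED_APP = b"MZ\x90\x00 accounting-app-v1.0"           # vetted, on the allowlist
KNOWN_MALWARE = b"MZ\x90\x00 dropper-seen-last-month"      # already has an AV signature
NEW_VARIANT = b"MZ\x90\x00 dropper-repacked-this-morning"  # no vendor has seen it yet
TROJANIZED_APP = APPROVED_APP + b" patched"                # approved app with injected code


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


KNOWN_BAD = {sha256_of(KNOWN_MALWARE)}   # what a signature database knows today
KNOWN_GOOD = {sha256_of(APPROVED_APP)}   # what the admin has explicitly approved


def blocklist_allows(content: bytes, known_bad: set) -> bool:
    """Antivirus model: default allow, deny only what already has a signature."""
    return sha256_of(content) not in known_bad


def allowlist_allows(content: bytes, known_good: set) -> bool:
    """Whitelisting model: default deny, run only what was explicitly approved."""
    return sha256_of(content) in known_good


def build_allowlist(root: Path) -> dict:
    """Baseline a clean machine: map each file's path (relative to root) to its hash."""
    return {p.relative_to(root).as_posix(): sha256_of(p.read_bytes())
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(root: Path, allowlist: dict) -> dict:
    """Re-scan root against the baseline and report drift.

    'unapproved' files are new binaries nobody vetted; 'modified' files are
    approved binaries whose contents changed (a trojanized copy). A default-deny
    policy blocks both, whether or not an AV signature for them exists.
    """
    report = {"approved": [], "modified": [], "unapproved": []}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        digest = sha256_of(p.read_bytes())
        if rel not in allowlist:
            report["unapproved"].append(rel)
        elif allowlist[rel] != digest:
            report["modified"].append(rel)
        else:
            report["approved"].append(rel)
    return report


def demo_on_disk() -> dict:
    """Baseline a throwaway directory, simulate an intrusion, and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ledger.exe").write_bytes(APPROVED_APP)
        (root / "bin" / "report.exe").write_bytes(b"MZ\x90\x00 report-tool-v2")
        baseline = build_allowlist(root)  # taken while the machine is clean

        # Attacker drops a never-seen binary and patches an approved one.
        (root / "bin" / "update.exe").write_bytes(NEW_VARIANT)
        (root / "bin" / "ledger.exe").write_bytes(TROJANIZED_APP)
        return audit(root, baseline)


if __name__ == "__main__":
    samples = [("known malware", KNOWN_MALWARE), ("new variant", NEW_VARIANT),
               ("approved app", APPROVED_APP), ("trojanized app", TROJANIZED_APP)]
    for name, sample in samples:
        print(f"{name:15} blocklist allows={blocklist_allows(sample, KNOWN_BAD)!s:5} "
              f"allowlist allows={allowlist_allows(sample, KNOWN_GOOD)}")
    print(demo_on_disk())
```

The point the run makes: the blocklist lets the repacked variant and the trojanized app through because it has never seen them, while the allowlist denies both without needing to know anything about them. Two practical caveats follow from the same property. Every legitimate patch changes a hash, so whitelisting only works on a machine with a controlled, vetted update path and a re-baseline after each change; and a default-deny list of binaries does not stop an attacker who abuses an already-allowed interpreter or a vulnerable allowed program, so it belongs alongside least privilege and script controls, not in place of them.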



I have taken the time to look at the whitelisting concept and have written it up for you. Here is a link to my whitelisting whitepaper (PDF).

Topics: IT Security


