Hitting the limits in the security arms race
I have a piece in today’s Guardian (“Does antivirus software have a future?”) that was suggested to me by some comments Alan Cox made on one of the ORG lists. I think there are a couple of interesting points that emerged in researching the piece:
- the difficulty of finding an approximation of the truth between the natural tendency of vendors to deny (at least in public) that there is a problem and the natural tendency of researchers and journalists to want to find one
- the genuine escalation of threats
- new technology designs (virtualization, flashable firmware, software-controlled hardware) that create new opportunities (hardware you have to physically change is inherently secure from software threats)
- confusion because names stay the same while the technologies they represent change and the press does not alter its reviewing language or habits (antivirus software doesn’t work the way it did 10 years ago, but the press still tests AV software the same way and reports on it as though signatures were the key - several people complained about this)
The next stage seems to be leveraging the same connectedness that is bringing us botnets and infected Web pages to create collaborative intelligence that can identify the ever-stealthier, ever-more-targeted threats. (I discovered only afterwards that Google has started labelling pages it thinks are infected with a warning. While I can see the logic of their doing this, it’s a little worrying to think about the impact on a site or its business if Google gets it wrong. I see lawsuits of green… What a wonderful world…)
wg

September 20th, 2007 at 1:56 pm
My preferred antivirus products are “Solaris” and “Mac OS X” :-).
Agreed, disclosure is an issue.
Also, the desired outcomes of virus infection have changed significantly over the last decade. It used to be the case that, to be successful, a virus needed to:
1. get executed
2. subvert some administrative control such that it would survive a reboot by a legitimately-privileged user
3. subvert some communication channel so that it could replicate itself via it
With more pervasive connectivity, while 1 and 3 are still required, 2 has almost fallen by the wayside; malware instead relies on reinfection rates…
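The trade-off the comment above describes (once reinfection over the network outpaces clean-up, surviving a reboot stops being necessary) can be made concrete with a small mean-field model. This is an added illustration, not code from the post or its commenter; the parameter names (`contact_rate`, `clean_rate`, `persistent`) and the SIS-style dynamics are my assumptions, chosen because they map directly onto the commenter’s steps 2 and 3.

```python
"""Mean-field model of persistence (step 2) versus reinfection (step 3).

Constructed illustration, not code from the post. Assumed parameters:
  contact_rate  expected successful infection attempts per infected host per
                time step; a proxy for connectivity (the commenter's step 3)
  clean_rate    fraction of infected hosts rebooted/cleaned per time step
  persistent    True if the infection survives a reboot (step 2 achieved)

Classic SIS (susceptible-infected-susceptible) dynamics: new infections are
proportional to infected * susceptible; a reboot removes the infection only
when the malware failed to persist.
"""


def simulate(contact_rate, clean_rate, persistent, initial=0.01, steps=2000):
    """Return the fraction of hosts infected after `steps` rounds."""
    infected = initial
    # Persistent malware is unaffected by reboots, so its effective clean-up
    # rate is zero; everything else depends on reinfection keeping pace.
    effective_clean = 0.0 if persistent else clean_rate
    for _ in range(steps):
        new_infections = contact_rate * infected * (1.0 - infected)
        cleaned = effective_clean * infected
        infected = min(1.0, max(0.0, infected + new_infections - cleaned))
    return infected


def equilibrium(contact_rate, clean_rate, persistent):
    """Closed-form endemic level of the same model.

    Non-persistent malware settles at 1 - clean_rate/contact_rate when
    contact_rate exceeds clean_rate, and dies out otherwise; persistent
    malware saturates at 1 regardless of clean-up.
    """
    if persistent:
        return 1.0
    if contact_rate <= clean_rate:
        return 0.0
    return 1.0 - clean_rate / contact_rate


def compare_scenarios(clean_rate=0.05):
    """Prevalence of persistent vs non-persistent malware at low and high
    connectivity, to show how the gap closes as connectivity rises."""
    return {
        "low_connectivity": {
            "persistent": simulate(0.2, clean_rate, True),
            "non_persistent": simulate(0.2, clean_rate, False),
        },
        "high_connectivity": {
            "persistent": simulate(1.0, clean_rate, True),
            "non_persistent": simulate(1.0, clean_rate, False),
        },
    }


if __name__ == "__main__":
    for regime, levels in compare_scenarios().items():
        print(regime, {k: round(v, 3) for k, v in levels.items()})
```

At a contact rate of 0.2 and a 5% per-step clean-up rate, non-persistent malware still holds 75% of hosts; at a contact rate of 1.0 it holds 95%, within a few points of what a reboot-surviving infection achieves. Below the threshold where reinfection cannot keep up with clean-up (contact rate at or below the clean rate) the non-persistent strain dies out, which is the regime the commenter says the old three-step model was written for.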