I was interested to spot an item on The Register site about the “slow death” of anti-virus technology. This article, written by Robin Bloor, a US analyst (who appears to be running a one-man “anti-virus is dead” campaign), makes some valid points. Essentially it claims that AV technology is gradually dying and being replaced by far more effective “whitelisting” technology. Such technology works by authenticating the applications and executables that users can run. It’s a sound approach. So he has a good point.
Now I’m a great supporter of whitelisting. If you can implement such an approach across your estate, then you will have achieved the most elegant and effective solution. And one that’s more in tune with the de-perimeterisation strategy that we’ve been promoting through the Jericho Forum. Blacklists are inelegant, incomplete and can present scaling problems. But one has to admit that they’ve served us remarkably well for the past two decades. Whitelisting is the smart approach for the long-term. However, we haven’t yet experienced all of the practical management issues associated with this technology. Whitelists can also be incomplete and present one or two performance problems. The jury is still out for the time being.
And technologies can also bounce back. Many said that Cinema would kill the Theatre, that TV would kill Cinema, that Video would kill TV, etc. They all survived. Blacklisting is too useful a control to discard. It’s used in other fields of security, for example to screen new recruits to large organisations. So don’t write off AV technology just yet.