Should Antivirus Form a Democracy?
For decades people have been declaring antivirus dead, dying, or at least missing in action. Recently, a discussion on the popular (often geeky) Reddit.com asked whether, given recent problems with “blacklisting legitimate software, poor response time, bloat, and other problems”, there should be an open database where the community votes to determine what goes into the common detection database.
We’ve seen this strategy work fairly well with Snort, which applies a common detection database while allowing others to contribute to it or to support an alternative database (Emerging Threats). The key question is whether this will work for antivirus. I think it may, but I doubt we will ever see it fully adopted. The reason is the same as with all open-source solutions: it typically becomes more of a socialism, where consensus is rarely formed unless someone, or some team, takes the position of dictator. This works in some cases, but just look at how many versions of Linux there are, and you’ll see how differing opinions can easily take a good idea and split it into many good ideas, leaving you back at the choice of which one is best for you.
In that case, you find yourself not only choosing an AV vendor, but which AV vendor uses which database and which community.
I think it’s a great idea, but I think the better idea is to look at the model used for vulnerabilities: define a common database based not on signatures but on the names of viruses and their unique characteristics. Currently, each vendor uses its own system to name viruses, and most do not share this information with their competitors. With a common criterion, if Vendor A wanted to compete with Vendor B, you could sample 10 common viruses from that database and compare the two vendors' ability to detect them. Today, trying to do this requires working out where Virus A maps to Virus B, which is pretty difficult to research.
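To make the proposed model concrete, here is an added example (not code from the original post or from any vendor) of a minimal common catalogue: one entry per threat, keyed by a stable characteristic (a SHA-256 of the sample), with each vendor's own detection name recorded as an alias. The vendor names, sample hashes and scan reports are all constructed for illustration. Given such a catalogue, comparing two vendors becomes a matter of checking each vendor's report against the shared entries, and any detection name that does not map back to a catalogue entry is surfaced as the kind of naming gap the post describes.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CatalogueEntry:
    """One threat in the shared catalogue (assumed schema, not a real standard)."""
    common_id: str                       # shared identifier, in the spirit of a CVE number
    sha256: str                          # unique characteristic of the reference sample
    aliases: dict[str, str] = field(default_factory=dict)   # vendor -> vendor's own name


def _constructed_hash(label: str) -> str:
    # Constructed stand-in for a real sample hash; real entries would hold hashes of real files.
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed catalogue: four threats, with the aliases each vendor has published.
CATALOGUE = [
    CatalogueEntry("CMN-0001", _constructed_hash("sample-1"),
                   {"VendorA": "Trojan.Foo.A", "VendorB": "W32/Foo"}),
    CatalogueEntry("CMN-0002", _constructed_hash("sample-2"),
                   {"VendorA": "Worm.Bar", "VendorB": "Worm/Bar.gen"}),
    CatalogueEntry("CMN-0003", _constructed_hash("sample-3"),
                   {"VendorA": "Trojan.Baz", "VendorB": "Trojan.Baz.Q"}),
    CatalogueEntry("CMN-0004", _constructed_hash("sample-4"),
                   {"VendorB": "PUA/Qux"}),          # VendorA has published no alias
]

# (vendor, vendor-specific name) -> common identifier
ALIAS_INDEX = {(vendor, name): entry.common_id
               for entry in CATALOGUE for vendor, name in entry.aliases.items()}

# Constructed scan results per vendor: sha256 -> detection name, or None when the file was reported clean.
REPORTS = {
    "VendorA": {
        _constructed_hash("sample-1"): "Trojan.Foo.A",
        _constructed_hash("sample-2"): None,
        _constructed_hash("sample-3"): "Trojan.Baz",
        _constructed_hash("sample-4"): "Generic.Suspicious",   # detected, but under an unmapped name
    },
    "VendorB": {
        _constructed_hash("sample-1"): "W32/Foo",
        _constructed_hash("sample-2"): "Worm/Bar.gen",
        _constructed_hash("sample-3"): None,
        _constructed_hash("sample-4"): "PUA/Qux",
    },
}


def resolve(vendor: str, name: str) -> Optional[str]:
    """Map a vendor's detection name back to the common identifier, if an alias is known."""
    return ALIAS_INDEX.get((vendor, name))


def coverage(vendor: str, report: dict, sample: list) -> tuple:
    """Return (fraction of sampled threats detected, list of detections whose name
    could not be mapped to the catalogue entry they actually hit)."""
    detected = 0
    unmapped = []
    for entry in sample:
        name = report.get(entry.sha256)
        if name is None:
            continue                      # vendor reported the sample clean: a miss
        detected += 1
        if resolve(vendor, name) != entry.common_id:
            unmapped.append((entry.common_id, name))
    return detected / len(sample), unmapped


def compare(sample: Optional[list] = None) -> dict:
    """Score every vendor in REPORTS against the same sample of catalogue entries."""
    sample = sample if sample is not None else CATALOGUE
    return {vendor: coverage(vendor, report, sample) for vendor, report in REPORTS.items()}


if __name__ == "__main__":
    for vendor, (rate, unmapped) in compare().items():
        print(f"{vendor}: detected {rate:.0%}, unmapped names: {unmapped}")
```

Because both vendors are scored against the same catalogue entries, the comparison no longer depends on knowing that "W32/Foo" and "Trojan.Foo.A" are the same thing; the alias index carries that mapping, and a detection under a name the catalogue has never seen is reported rather than silently miscounted.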
What do you think? Would this work as a means to begin leveling the playing field and forcing the vendors to compete on speed, accuracy, and minimizing impact to end-users?