« Nokia unveils the E51 | Main | Apple's new iPods go under the microscope »
Drivesentry living Symantec's dream
It was interesting to see Symantec announce the future of anti-virus software lies in categorising everything that's good on a white list, rather than what's bad.
It's not just that there are more bad things than good, but viruses, spyware and other baddies can be encrypted a thousand different ways or embedded in other files so a signature file can't detect it anymore.
This means the combination of customised malware eluding detection could be limitless, whereas white lists are more manageable.
While Symantec is planning this for the future, Drivesentry is already using this technique now where every application you run is checked against a known good configuration on a white list on Drivesentry's servers.
There's also a traditional black list and finally a community response that pops up every time you encounter an unknown file. By viewing community trends you can make an informed decision on whether the file is good or bad.
For example, a homemade game might not sit on any black or white list but if 2000 people in the community have let it run because they think it's safe and 5 people have blocked it, you'll probably be ok executing it, according to Drivesentry.
Alan Jones, CEO of Drivesentry labelled products like Norton360 "antiquated antivirus products based on methodologies over 10 years old". White lists can better cope with threats that spread like wildfire on the day they are released.
The product works by monitoring all hard disks writes, which also provides an insight into the mysterious writes that constantly occur in Vista. John Safa, chief technical officer, claimed his software also spotted the unprecedented Windows update that occurred without users consent last week.
Drivesentry 3 launches on October 1st in a free guise and a subscription option which gives you full access to the community features. Pricing has yet to be announced.
Post a comment