Life After AV: If Anti-Virus is Obsolete, What Comes Next?

by Paul Schmehl
Sept. 24, 2017 1 comment Symantec Pen Testing & Audits antivirus

In a previous article, "Past Its Prime: Is Anti-Virus Scanning Obsolete?", I discussed the reasons why I believe that anti-virus scanning as we now know it is obsolete and must be replaced. In this article, I will address what I believe will be its replacement - behavioral blocking - including what is currently available, and how behavioral blocking needs to function for it to successfully defeat malicious code. Before briefly reviewing the available products, I will define what I mean by behavioral blocking. When I use the term, I am referring to a technology that has the ability to run suspect programs in multiple virtual operating systems, determine precisely what the code does and then, based upon a set of rules, decide what to do with that program. This is different from what some people call behavioral blocking, which generally refers to the use of a set of rules to decide what to do with a program based upon its attributes.

2flash 4 months, 1 week ago

I wouldn't call AV obsolete yet... most of the companies still work hard, but it is true that some of them... "joined the dark side"