Security Basics mailing list archives
RE: Trend Micro's AV 'cloud'
From: "David Harley" <david.a.harley () gmail com>
Date: Fri, 20 Jun 2008 16:09:25 +0100
Moving away from signature based AV and into the 'cloud'? Lots of people(smarter than me, no doubt) have made noises about the slow death of sig based AV.
As far as I can see, this is still signature detection. It's just that the location of the database has changed. In fact, it looks to me as if they're throwing out several babies with the bathwater and relying on near-exact identification, in the hope that their crawler will have picked up the sample already so that there'll be a signature. If I understand the implications correctly, systems will gain speed because (1) the agent only has one comparison run for each suspicious program, and it's just a hash lookup (2) new sigs will be available immediately to each system, since there's no waiting for the new defs to be cascaded from Trend's servers to customer's systems. However, it doesn't look as if there'll be a heuristic detection or generic signature to fall back on if the sig doesn't exist. But the actual implementation might look quite different.
What do people think will be the future and what are people investing in for their own/company protection moving forward.
Since I work for a competing vendor, I don't think I'll risk that one. :)
Is this just Trend's marketing speak? Or real innovation?
Actually, it's a variation on a client/server model that's been used in AV previously. But it's quite a bold stroke. Not one I'd be anxious to commit to personally, though. -- David Harley
Current thread:
- Trend Micro's AV 'cloud' Murda Mcloud (Jun 19)
- Re: Trend Micro's AV 'cloud' pinowudi (Jun 20)
- Re: Trend Micro's AV 'cloud' Chad Perrin (Jun 30)
- RE: Trend Micro's AV 'cloud' David Harley (Jun 20)
- Re: Trend Micro's AV 'cloud' John Mason Jr (Jun 20)
- RE: Trend Micro's AV 'cloud' David Harley (Jun 23)
- Re: Trend Micro's AV 'cloud' Anjar Priandoyo (Jun 23)
- Re: Trend Micro's AV 'cloud' pinowudi (Jun 20)