Well, here is a base article; however, the xsl page actually relies on
several other external xml files to gather sitewide data and generate
cross references etc.
Sorry, but I can't supply you with all those files; I think other people
here at VB might get a little upset if they knew their information
was being thrown about this mailing list.
If you have any questions though, feel free to ask.
<article
filename = "11_01.xml"
date = "November 2004"
type = "comments"
title = "The dinosaurs live on"
edition = "200411">
<author id = "002" />
<summary>"I was even quite pleased to have lasted in the AV industry long
enough to be a 'dinosaur'" - Peter Morley, McAfee UK. </summary>
<paragraph>
I was delighted to read Nick Scales's comment '<link location =
"/magazine/articles/comments/2004/10_01.xml">Definition-based AV software
is dead</link>' last month (see <link location =
"/magazine/issues/2004/10.xml">VB, October 2004</link>, p.2). I was even
quite pleased to have lasted in the AV industry long enough to be a
'dinosaur'. Unlike Scales, however, I believe the AV dinosaurs who
surround me will not be extinct before the decade is out, and that they
may last some further ten years or more.
</paragraph>
<paragraph>
Prevention is better than cure, and <link location =
"http://www.microsoft.com/windowsxp/sp2/default.mspx">XP Service Pack
2</link> has made great strides. However, I have implemented XP Service
Pack 2, and if I run without anti-virus software, it keeps popping up and
reminding me. Obviously the authors are well aware that they haven't
killed it yet, and that they have more work to do.
</paragraph>
<paragraph>
So, where do we go from here, to improve still further? Prevention
comes from four sources.
</paragraph>
<paragraph>
First, the Operating System provider. Bill Gates stressed two
years ago that security is a prime consideration for <link location =
"http://www.microsoft.com/">Microsoft</link>. He associated security with
Longhorn, his project for the next OS, and promised to concentrate on it.
Since then, the initial Longhorn implementation has been watered down, and
the diluted version is scheduled for 2005. Microsoft has since taken over
<link location = "http://www.gecadnet.ro/securitate/">GeCAD</link>, an
excellent AV vendor. I conclude that Gates believes there is still a place
for the conventional AV strategy (detect after the attack) for some time
to come.
</paragraph>
<paragraph>
The first version of Longhorn will have to be highly backward
compatible or it will not take off. It will also, at some stage, support
the new hardware security requirements about which some vendors (including
<link location = "http://www.ibm.com/">IBM</link>) are arguing. All this
adds up to more of a delay in getting Longhorn bedded down.
</paragraph>
<paragraph>
The second source of prevention is the hardware providers. In his
comment, Scales mentioned that, by 2007, anti-virus will be built into the
chipsets of the latest computers and devices. He is right, and several
vendors (including <link location =
"http://www.mcafee.com/">McAfee</link>) have started providing the means
to do it. However, I think it will be several years before it becomes
really effective.
</paragraph>
<paragraph>
User policy enforcement techniques represent the third source of
prevention. The implementation of these is not easy. Over the next five
years, volumes and Internet usage are set to explode further. There is
also the integration of both the communication and entertainment
industries into the computer industry. (You doubt it? May I remind you of
Sony-MGM.)
</paragraph>
<paragraph>
Last but not least, the surviving AV companies will remain
responsible for excluding the known 'nasties' where possible. They may be
replaced by a new, shining 'MSAV', but I doubt it. Some unknown nasties
will still get through, and someone will need to respond as quickly as
possible. Who, other than the surviving anti-virus vendors, will prevent
them from continuing to get through?
</paragraph>
<paragraph>
Of the forthcoming Trojans, I am sure there will be some which get
in, wait up to three months, do something horrible, and then delete
themselves. This raises the classic subject of backup. Most large-scale
users will have to improve their ability to retreat to a working system,
and repeat the essential transactions since.
</paragraph>
<paragraph>
What will happen to reviewers during the next ten years? I suspect
they will fade slightly, as the number of field nasties declines, but I
don't believe they will fade out completely until about 2015. Bear in mind
that Chinese and other Far East users are several years behind the game,
but growing very quickly, and that their reviewers expect that anything
which was ever detected remains detectable.
</paragraph>
<paragraph>
Finally, some big AV customers have their own virus collections,
and expect that anything which has ever infected or attacked them will
continue to be detected.
</paragraph>
<paragraph>
Scales's predictions are right, but the extinction of the AV
dinosaurs will happen later. Perhaps much later.
</paragraph>
<paragraph>
[See this month's <link location =
"/magazine/articles/letters/2004/index.xml#October">Letters page</link>
(p.10) for some different reactions to last month's comment, '<link
location = "/magazine/articles/comments/2004/10_01.xml">Definition-based
AV software is dead</link>' - Ed.]
</paragraph>
</article>
--
Tom David Kirkpatrick
Virus Bulletin Web Developer, Virus Bulletin
Tel: +44 1235 555139
Web: www.virusbtn.com