Talented and well-connected cyberthreat analyst Dancho Danchev posted an interview with researcher Thierry Zoller of n.runs AG, the group that recently published a paper on 800 AV product vulnerabilities. He gave Thierry a chance to discuss McAfee's response to the vulnerability findings.
Keep in mind that I may be a bit biased, as I think ThreatFire is one of the best behavior-based products out there. Here is my favorite part of the interview:
“Dancho: Isn't the single most important vulnerability found in antivirus software during the last couple of years the easy-to-bypass signature-based scanning approach, and the product-concept myopia of spending years of research on heuristics, when the same amount of resources should probably have been spent on behavioral detection solutions?
Thierry: From a larger viewpoint, concentrating on the functional aspect of AV software – you are absolutely correct. The “problem” with behavioral detection is this one – it needs fewer updates, and updates are what keep the AV business model rolling. If this had not been the case, I am sure we would have much better behavioral and overall detection nowadays. It's ridiculous how easy it is to bypass heuristics.”