Alex, the emphasis is currently on identifying known bad. Yes? No matter what the specifics of that approach, it is more fraught with peril than tracking known good for any given environment.
Zero-day (new code) is meaningless in such a context. -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On May 11, 2010 1:19 PM, "Alex Eckelberry" <[email protected]> wrote: >But Mr. Zoits is right, AV is pointless. It is a signature race and >you wll lose that race sooner ... I respectfully disagree. What antivirus companies still rely on signatures? I see detection rates daily, and while an AV engine is not nearly the thing it was in the past, it is still a very, very important part of the security strategy. Just wait until your next Conficker infection... Alex -----Original Message----- From: Kennedy, Jim [mailto:[email protected]] Sent: Tuesday, May 11, 2010 10:57 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better.... Just to amplify 6.0 is also discontinued. This las... Sent: Tuesday, May 11, 2010 10:50 AM To: NT System Admin Issues Subject: RE: Life just keeps getting better.... Too bad Cisco royally screwed up CSA 6.0 and is di... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
