Barnendu Goswami

Worcester

Sys.Eng/Tech.Specialist

Brian: I hear what you're saying; and I think this is a commonly held belief among professionals, and it may have been true for the most part, 2-3 years ago.

The sad truth now is that it doesn't really control the initial 'hit' that most of the 'warhol' method style worms employ. AV protection is only good for damping the after-effects of an outbreak, because it isn't really intelligent (yet).

I suspect the coming year will see some interesting (if rather late) advances in AV technology. Imagine an AV product that has a watchdog process for a list like the one that programs like 'HijackThis' produces...alerting the user when something new is introduced into one of those Windows 'nooks and crannies'. Methods like this were used in some of the less complicated OSs of the past, by the most effective AV solutions (I'm thinking back to the days of the Amiga and the 'Pseudo Ops' virus killer for example), but there's no reason a similar strategy would fail in an OS like Windows, but it's only going to work long term, if the checks and balances are intricate, paranoid, and reliable. Some of the protection has to come from the user/process/installation security around services and application install/uninstall. That's something Microsoft can look at, we already have most of it in place now, but applications still have the ability to weld themselves into the OS without necessarily forcing the app to register in a single user accessible interface (like the 'add/remove programs' interface in the control panel for example? - one which requests specific credentials from the user before commencing installation? - cripes, even the IT department would want that!). But even without that: a bit of proactive thinking on the part of AV writers will in my opinion, reap a lot of reward.