Beyond traditional anti-virus
Melih Abdulhayoğlu says there is already an answer to the problem of anti-virus
Anti-virus is dead, we keep hearing, but in reality anti-virus products have never had a healthy life in the channel.
Resellers time and time again have experienced fallout from unhappy customers returning to them, having suffered an infection, the very thing the product they were sold was meant to prevent.
This has eroded already thin margins and caused customers no end of frustration.
It is now accepted by many that traditional anti-virus does not and cannot protect users any longer. Several high-profile security breaches – most recently Cryptolocker and GOZeuS – have only made the fact more obvious.
Yet anti-virus evolution – the development of new technology – can guarantee freedom from infection. This should make resellers take a second look at anti-virus offerings.
There are only three types of files in the world, there have only ever been three, and there will only ever be three: known "bad" files, known "good" files, and unknown files.
The problem has been mainly about dealing with unknown files. Traditional systems offer default allow set-ups and blacklisting. Obviously, an unknown file will be let in.
The unknown could be a good or bad file but no one knows. But this is essentially like letting a stranger into your house while blindfolded.
Default denial or white-listing is too restrictive for many users, so the vast majority of offerings have allowed unknown "strangers" through the front door. People using traditional anti-virus who think they are safe are very much mistaken for this very reason.
The solution is sandboxing, containing the application in an isolated environment. I can hear the groans of despair: "Sandboxing has been around for ages."
Yes, but the big innovation is the development of a fail-safe sandbox, which is technology that's out there right now. Fail-safe sandboxing may well be the saviour of the anti-virus industry.
A sandbox is a virtual operating environment created within a computer for unknown and suspicious programs. Such programs are automatically run in the sandbox where they cannot damage the operating system, its registry or important user data.
This protection goes well beyond traditional anti-virus software by ensuring any new viruses are completely isolated and unable to cause damage.
For resellers, deciding on a product comes down to ticking three boxes: it needs to be different to anything else on the market, the price needs to be right and it needs to do exactly what it says on the tin.
For the first time, anti-virus software might tick all these boxes, whereas traditional offerings never could.
Melih Abdulhayoğlu is chief executive and founder of Comodo