I buy a local PC magazine here in Australia called “APC”
The May 2005 edition has a very interesting interview with a guy called Peter Tippett. Do you know who this guy is? I didn't. Apparently, he is 'the person behind Norton Antivirus'.
Yes, that's right - Peter Tippett apparently developed the product that eventually became Norton Antivirus (NAV).
If you can, get your hands on a copy of the May 2005 edition of APG Magazine and read the interview.
I have tried to find an online copy of the article to link to, but have been unsuccessful. That being said, a small quote falls within the scope of “fair use”, and is sure to encourage you to go out and buy the magazine so you can see what else Peter had to say, so here is a taste:
“The first version I produced stopped any virus that could be produced. 'No updates required' was the byline. It recorded the state of all software on your system and anything new just wouldn't run ... As an afterthought we added virus signature scanner and sold it to Symantec. ... Symantec felt that nobody could understand the generic new software-blocking stuff, so that feature quietly dropped away.”
Peter Tippett, nowadays the Chief Technology Officer of security consulting firm Cybertrust, has definite opinions about antivirus programs based on signatures and their usefulness (or lack thereof) and network security.
Just imagine how different the internet world would be if Peter's idea of allowing the good guys instead of trying to block the bad guys had been allowed to stay after Norton bought in. Is it too extreme to say that spyware wouldn't exist? I wonder.
I admit, 'good lists' can be problematic - blocking the wrong thing can certainly cause problems, but such blockings are easily fixed, unlike modern malware, but as Peter (and many others, including me) have said - it is a lot easier to create and maintain a good list, than it is to maintain a bad list.
We're fighting a losing battle here guys. It would be worth revisiting the good guys list.