>>From Thor:
>>
>>...It is only when we start diverting those resources away from reactive solutions, such as antivirus that have not hindered any major virus outbreak but even created the far worse problem of AV notifications, and towards proactive appliances and proper risk management that we can minimize our risk and shorten our window of exposure to threats.

I agree that MyDoom demonstrates all too clearly the inherent limitations of conventional antivirus technology, but you're still unfair to it. First, the vast majority of attacks don't spread as far and as fast as MyDoom, and by the time one is likely to encounter it the AV companies have protection available, so conscientious users can protect themselves. Surely this is beneficial when it works, which is very often. Second, do you actually know that AV technology has never prevented a major outbreak? That would likely be an outbreak we didn't hear about. Finally, AV companies didn't cause the infrastructure problems, like unauthenticated SMTP, that facilitate our worst attacks.

>>ISPs and peering points should seriously consider the development and implementation of technologies that can unintrusively and anonymously detect threats and filter packets that meet certain risk criteria, before governmental agencies wake up and start addressing the issue by regulations and law that will inevitably limit their control of private property.

Too bad that mass-market ISPs could never afford to do this given current pricing expectations. This kind of protection would require making Internet access much more expensive as a general rule. The political outcry would be far worse than any reaction to an attack such as we have just experienced.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer@ziffdavis.com