AntiVirus: An Ex-Technology
AVID, as regular readers of this blog know, stands for Anti-Virus is Deceased or, alternatively, AV is Dead. Borrowing from Monty Python, we can emphasise this message by insisting that:
“AV’s passed on! This technology is no more! It has ceased to be! It’s expired and gone to meet its maker! It’s a stiff! Bereft of life, it rests in peace! If you hadn’t nailed it to the PC it’d be pushing up the daisies! Its metabolic processes are now ‘istory! It’s off the twig! It’s kicked the bucket, it’s shuffled off its mortal coil, run down the curtain and joined the bleedin’ choir invisible!! THIS IS AN EX-TECHNOLOGY!!”
I’m getting ahead of myself, perhaps, but there are two reasons why we’re predicting the imminent demise of AV software.
Point 1: It doesn’t work. To be precise, it fails to stop the potentially most damaging viruses: the new ones.
How bad is it at doing this? Pretty awful, really. Let’s take a specific case as an example: the SQL Slammer worm, which first saw the light of day in January 2003. It was estimated that the SQL Slammer worm infected 90 percent of the computers that it could infect in the space of 10 minutes. From the perspective of AV software, it was disastrous. As far as I can tell, there is no evidence that any AV software stopped the initial onslaught of this particular worm from the moment it began its jaunt across the Internet.
Why was that?
Well, it was simply a matter of how the worm worked. Once it had infected a computer running Microsoft SQL Server, it scanned the Internet for other such machines to infect, and when it found one, it infected it. This caused an explosion of processes looking to infect other machines, all running at digital speeds. This little worm didn’t need any help from people to proliferate. The way to kill the infection was to download a SQL Server patch which eliminated the buffer overflow that the worm was using to hijack servers. It was the only cure. The cost of SQL Slammer was estimated as $1.5 billion.
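The point above is a race between infection and response. As an added example (not part of the original post), the standard logistic model of a random-scanning worm shows how much of the vulnerable population is already infected by the time a signature update could arrive. The population size, scan rate and response delays are illustrative assumptions, not figures from this page.

```python
import math

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a random scanner draws targets from


def contact_rate(n_vulnerable, scans_per_sec):
    """New infections per infected host per second while almost no host is infected."""
    return scans_per_sec * n_vulnerable / ADDRESS_SPACE


def infected_fraction(t, n_vulnerable, scans_per_sec, seeds=1):
    """Fraction of vulnerable hosts infected t seconds after release (logistic model)."""
    beta = contact_rate(n_vulnerable, scans_per_sec)
    i0 = seeds / n_vulnerable
    # Written with exp(-beta*t): a large t underflows to 0.0 instead of overflowing.
    return 1.0 / (1.0 + (1.0 - i0) / i0 * math.exp(-beta * t))


def time_to_fraction(target, n_vulnerable, scans_per_sec, seeds=1):
    """Seconds until `target` (0 < target < 1) of the vulnerable hosts are infected."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    beta = contact_rate(n_vulnerable, scans_per_sec)
    i0 = seeds / n_vulnerable
    if target <= i0:
        return 0.0  # already reached at release time
    return math.log(target * (1.0 - i0) / (i0 * (1.0 - target))) / beta


def exposure_at_response(delays_s, n_vulnerable, scans_per_sec):
    """Map each defender response delay (seconds) to the fraction already infected."""
    return {d: infected_fraction(d, n_vulnerable, scans_per_sec) for d in delays_s}


if __name__ == "__main__":
    N, RATE = 75_000, 4_000  # assumed: vulnerable hosts, probes per second per host
    beta = contact_rate(N, RATE)
    print(f"early doubling time: {math.log(2) / beta:.1f} s")
    print(f"time to 90% infected: {time_to_fraction(0.9, N, RATE) / 60:.1f} min")
    # Assumed response delays: 1 minute, 10 minutes, 1 hour.
    for delay, frac in exposure_at_response([60, 600, 3600], N, RATE).items():
        print(f"response after {delay:>4} s -> {frac:.1%} already infected")
```

The model ignores bandwidth saturation and network outages, so real spread is slower than the idealised curve, but the conclusion is the same: any response measured in hours arrives after the vulnerable population is already saturated.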
Point 2: There are products that actually do the job properly from security vendors Bit9, SecureWave and AppSense.
AV becomes an ex-technology when companies start buying this technology, a trend which is now happily in progress. When this trend explodes, it will be the beginning of the end for viruses and other malware. Until it happens, such software will persist because AV technology doesn’t stop it effectively.














