Savant Protection: A New Whitelisting Company
Anti-Virus In Demise is this week’s AVID focus. You know a technology sector is beginning to thrive when there are new entrants. There is a new entrant into the Software Authentication/Anti-Malware market, which (as I keep saying) is destined to utterly destroy the Anti-Virus market.
For 18 years the AV market grew and thrived until it became a $4 billion industry accounting for about 52 percent of the spend on IT security. It is awesome that products that repeatedly failed to protect their customers from malware have thrived so mightily—more so than all other IT security products, most of which actually do stop threats.
Anyway, the game is up. Alternative technology is available that does the job properly, and now there are four companies providing it. Not as many as the 30 or more AV companies, but hey, sit back and watch the AV market contract while this one replaces it.
The way that Software Authentication products work is, well, they check executables as they queue up to execute to see if they are “authentic”, and they stop them if they are not. How do they know what is authentic? When these products are loaded for the first time onto a clean machine, they fingerprint all the (valid) executables, or import a whitelist from elsewhere in the network, or both. After that, anything that is new and unknown is only allowed to run if it is given permission by the user. Even if given such permission to run, it runs in “quarantine”. It will not be allowed to run elsewhere in the network unless it is given a clean bill of health by the central IT Security team.
This is the way that the Software Authentication products (from AppSense, Secure-Wave, Bit9 and now Savant Protection) work. Apart from the fact that these products automatically stop all malware (whereas AV products don’t even stop viruses very well), they work in slightly different ways. Savant Protection has the nuance that it uses cryptographic techniques to validate users and generate software fingerprints. User validation works by strong authentication—based on a randomly selected file. The fingerprints that Savant Protection generates are not just unique to the executable they apply to; they are unique for every computer/executable pair. Thus, even if a user makes a mistake and permits some malware to run, it will never run anywhere else in the network.
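A minimal sketch of the scheme described in the last two paragraphs, added here as an illustration and not Savant Protection's code. It assumes a per-machine secret key and HMAC-SHA256 as the fingerprint (the article does not say which cryptographic technique the product uses); the `Allowlist` class and the file names are hypothetical.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

def fingerprint(machine_key: bytes, path: Path) -> str:
    """HMAC-SHA256 over the file, keyed with a secret that never leaves this machine."""
    mac = hmac.new(machine_key, digestmod=hashlib.sha256)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()

class Allowlist:
    def __init__(self, machine_key: bytes, clean_paths):
        self.key = machine_key
        # Fingerprints taken once, while the machine is known to be clean.
        self.approved = {fingerprint(machine_key, p) for p in clean_paths}
        self.quarantined = set()  # unknown files the local user chose to permit

    def permit_locally(self, path: Path):
        self.quarantined.add(fingerprint(self.key, path))

    def decide(self, path: Path) -> str:
        fp = fingerprint(self.key, path)
        if fp in self.approved:
            return "allow"
        return "quarantine" if fp in self.quarantined else "block"

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        known = Path(d, "editor.bin")      # constructed sample files
        unknown = Path(d, "download.bin")
        known.write_bytes(b"constructed known-good program")
        unknown.write_bytes(b"constructed unknown program")
        pc_a = Allowlist(os.urandom(32), [known])
        pc_b = Allowlist(os.urandom(32), [known])
        out = {"known": pc_a.decide(known), "unknown": pc_a.decide(unknown)}
        pc_a.permit_locally(unknown)             # the user's mistake on machine A
        pc_b.quarantined |= pc_a.quarantined     # A's entry copied to machine B
        out["a_after_permit"] = pc_a.decide(unknown)
        out["b_after_copy"] = pc_b.decide(unknown)  # A's fingerprint is useless under B's key
        known.write_bytes(b"constructed tampered program")
        out["tampered"] = pc_a.decide(known)
        return out

if __name__ == "__main__":
    print(demo())
```

Because each machine keys its fingerprints with its own secret, an entry permitted on one computer does not match the same file on another, which is the computer/executable pairing the paragraph describes.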
These products don’t just stop viruses and worms; they stop spyware, adware, user-loaded software like P2P file sharing software, hacker exploits and associated hacking tools, web-page-based exploits, old versions of software accidentally invoked, and anything else whatsoever that you don’t want to run on your computers.
So what does it mean that there is yet another AVID company? Well, it means that there is more marketing budget and more salespeople out there to spread the message that the age of malware is coming to an end and Anti-Virus Is Dead!
We’re not done here, by the way. I keep acquiring new information to publish—more than I need to keep AVID going on a fortnightly basis.














