AntiVirus and Whitelisting: An Interview
I was interviewed by email by Alejandro Torres Duran for an article to be published in a Mexican IT magazine or newspaper. This is a transcript of the interview.
ATD: How did you conclude that antivirus software would come to an end?
RB: What happened was that I came across a security company called SecureWave (about 3 years ago) that had an alternative approach to stopping malware – called whitelisting. After technical discussions with that company I concluded that the standard approach taken by AV companies (signature recognition) was wrong and doomed to be ineffective. I therefore began the AVID (Anti-Virus Is Dead) campaign to let everyone know that AV technology was ineffective and that there was an alternative. As it happens, there are now many companies with alternatives (Bit9, AppSense, etc.).
ATD: So, does this mean the end of the antivirus companies as we know them today?
RB: Not exactly. It would be the end of AV technology based on signature recognition. The AV companies have collective revenues of around $4 billion from AV software and they have a massive customer base. It will take a while for current AV technology to fade away. They have all the time they need to change their technology, and most of them have enough funds to invest in a better approach.
ATD: What do they have to do?
RB: They need to adopt whitelisting as a foundation for software authentication. Whitelisting is simply the holding of a database of authenticated software – software that is known to be valid and can do no damage. Technically it is more complicated than that, but that’s the basis.
You can think of it like this. Who do you let into your house? The approach of AV technology is to let anyone in who is not known to be a criminal. The whitelisting technique is to first let in those who you know are not criminals (friends and family) and to keep a close watch on those you let in who you don’t know, throwing them out if they do anything suspicious. When you think of it like that, it is obvious which is the best approach.
ATD: Do you have an idea about how the new approach will work for them?
RB: This is already clear. They will simply upgrade their technology. Some AV companies have already adopted whitelisting, partly because of the AVID campaign, and there are others in the process of doing so. The first of the AV companies to do so was CA. Then Symantec followed them and recently Kaspersky announced that it would be using whitelisting technology in its next release. I’m also expecting Trend Micro to do so fairly soon.
ATD: Are they all aware of the problems with AV technology?
RB: They are all aware. I have had discussions with some of them. They are aware that signature based techniques are ineffective. They have known this for years. They even invented a term for viruses that they couldn’t stop. They called them “zero-day threats”, pretending that they were something really sophisticated that had not been met with before. But “zero-day threats” were simply new viruses.
ATD: Why do you think we’re moving to the end of antivirus?
RB: The antivirus approach is now broadly acknowledged to be inadequate. But there are also other reasons. As we move forward we can see that the way software inter-relates is getting more sophisticated. In a world where one program rarely needed to connect to another program there were fewer security dangers. But now we have the trend to Service Oriented Architecture (SOA) with companies building whole architectures for connecting programs together.
We also have the emergence of mash-ups, programs which connect different software services together. In this new world software authentication becomes not only important but necessary. Without software authentication none of this will be secure. AV technology is NOT software authentication and it never can be. Whitelisting is the only known technique that will work.
ATD: Will the new kind of approach for securing PCs and servers be less profitable? Are companies waiting until the last moment to change the way they work for that reason?
RB: I don’t think that software authentication (whitelisting) is likely to be less profitable. It works in a different way and it can replace AV technology. It is possible that it is a big opportunity for AV security companies. The security workload is increasing, not decreasing. However, it takes time to change. In a few years’ time all AV companies will probably have made the change.
ATD: Do you think that AV companies knew that there were better ways to keep information secure than antivirus software, but since it was a very profitable business, the AV companies kept the same business model? (I ask this because there are rumors about the antivirus companies actually developing the viruses themselves)
RB: I do not believe that the AV companies developed viruses to boost their own businesses. There are too many Black Hats (hackers) for them to need to even think of doing that. There are government “agents” and many criminal gangs that need to develop viruses for their own purposes (theft, espionage, etc.). If AV companies ever did this (which I doubt), there is no need for them to do so now.