There are a number of myths and misconceptions about how modern anti-virus (AV) technologies work. It used to be that they just used signatures of known malware, but is that still the case?
I recently sat down with Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab, to get his take on the myths and misconceptions of the modern AV industry.
Schouwenberg agreed that signatures by themselves are dead. He commented that a pure signature approach isn’t enough anymore, but signatures are still an essential element and a tool used to detect malware.
In his view, whitelisting and access control have a role to play as well, but they aren’t the ultimate solution either.
“You can whitelist applications but you can’t whitelist script files,” Schouwenberg said. “You can’t whitelist the internet.”