While signature-based scanning has its shortcomings, it’s not a total waste. According to Roger Thompson, chief emerging threats researcher at ICSA Labs, an in-depth, layered approach to security should include signature-based scanners.
“Every piece of Swiss cheese has lots of holes in it, but if you get enough pieces of cheese in place, you block everything,” he said. “So yes there is a point to having signatures, but testing against the whole malware zoo is dumb.”
Even vendors that don’t feature signature-based scanning as part of their core solution see some merit in having it in place. The use of signature-based scanning is often seen as a way to create a baseline level of security to stop amateur attacks
“Signatures are not a waste of time, as it blocks out the amateurs,” John Prisco, CEO of Triumfant , told eSecurity Planet. “It’s not going to work when it’s the Iranians or the Chinese or the Russians; it is a waste of time for those adversaries.”