I know you mentioned cash registers, but one sector white list has a lot of adoption is retail and retail includes the PCs managers use, not just POS devices.

And it is fine to say lousy advice, but better to list a supporting technical reason to support your statement, not just “you will get fired”.

And just to be clear, I think AV only is history. AV with some whitelist blend is the best idea we have available at the time.

When products are starting to detect less than 50% of the malware out there, and that is not true of all of them, but it is true of some of them, it is time to start looking for alternate solutions perhaps?

I think it makes a lot of sense, while we are asleep for our systems to go get a scan, not just anti-virus, more and more I think Secunia solution really helps keep a system in check. But I am currently running two different endpoint technologies, Bit 9 and Savant Protection on the two boxes I actually do work on and I like what I am seeing.

I am hopeful for Android, but it seems to be progressing slowly.

RE the PIM problem, as a person who is nursing along their fourth Palm device since 1998 (now on the second Palm E2), I am looking apprehensively toward the future. iPhone is a pale proprietary comparison to the kind of data flexibility my 4-year-old E2 offers in the range of open apps and bi-directional syncing with multiple platforms. Palm may aspire to exploit the same proprietary gold mine as Apple with the new WebOS. Android could end up being the truly open alternative that gets ported to devices small and inexpensive enough to risk dropping on a daily basis.

There’s business opportunity here- both in the PIM and the Quicken-style financial management realms.

I think too many people still think they are safe behind firewalls and the likes.

I think that eliminating these systems at this stage would harm defense in depth, but that relying on them exclusively would be insufficient protection. I am intrigued by whitelisting, but am concerned that it’s not a mature enough technology to deploy widely… at least not in my industry.

I am also growing increasingly concerned about web-based exploits. If I can write a script that runs in the browser and sends data off the world, it seems unlikely to be caught by either traditional AV or whitelisting. The same goes with malware that is based at the hypervisor level.

Really, the fundamental solution is to have hardware and operating systems that lack security holes. Until we get to that point, however, I think we have to just realize that a portion of our system resources have to spent checking that the rest of the system it’s doing anything wrong.

It’s not ideal, but there you are.

Again, are AV tests truly valid and are issues with AV software user based to some degree. Many AV solutions do not enable all detection by default, users fail to turn this on and testers tend to use default installations (mimicing users). Many like Symantec provide heuristic detection to determine malware like behavior but are not fully enabled by default. Is part of the answer not to improved default security at initial installation?

But yes, new threats evolve all the time and signature based detection will always trail new threats.