This is David Hall, consumer product marketing manager from Symantec. You might be wondering why he looks like he wants to inflict harm on somebody. That’s probably because he does.
The person David is looking at is Kim Brebach, who runs an Australian technology marketing firm whose clients include ESET NOD32 – a competing antivirus product. But Kim didn’t compare products. Kim spoke the truth, which is that a majority (if not all) of “anti-stuff” products suck and that it’s easy to blame the users for less-than-optimal security products in the past.
Kim also had an interesting spin on the viral “if operating systems were airlines” joke: “if antivirus was airline security”. It went something like this: everyone had to be body searched and scanned, which took an incredibly long time before even getting on the plane. Passengers would be forced to sit on the tarmac practicing emergency drills over and over again. The plane would have two seatbelts instead of one. After the plane eventually takes off, if you wanted to go to the toilet, a stewardess would tell you that might not be a good idea and they’re not liable in the event of an accident. All whilst knowing there is still a 10% chance the plane might be hijacked.
All of them spoke highly of an emerging but long foreseeable trend of behavior-detection-enabled security software. In contrast to the largely signature-based industry, where threats are analyzed after they are made public, behavior-based security software has the potential to detect malicious activity as it’s happening, rather than reacting after it has already happened (once).
The example one presenter used was a bank robbery. Traditionally, in a signature-based system the security guard would fingerprint everyone who comes into a branch to detect known criminals. The problem with that is that the person needs to have committed a crime before to be a criminal. In a behavior-based system, as soon as a person draws a weapon, the security is aware of the motive to rob the bank.
The severe drawback is that behavior-based systems are more system-intensive, just when you thought signature systems were enough load. A hybrid mix will be the optimal solution for now and the near future.
As a result of the Australian government’s recent decision to distribute a free internet filter, a discussion of a “public-funded” security system also emerged between the panelists and audience. Could it be possible, and would it be productive, to establish a multi-government-funded and publicly owned security software company that distributed free security solutions for everyone?
Unfortunately we were out of time to argue that one out, but it seemed like a lot of journalists should definitely consider a career change into security consultancy by the feel of it.