Not all are the same. The engines that analyze the stream of data are quite different. I would claim that ours is the best. Also, antivirus is only as good as the signature file attached to the engine. Our Live Update allows users to pull down signatures as soon as they are ready. I understand Symantec's antivirus software contains some heuristics. Do you see heuristics replacing signature-based detection any time soon?
Signature-based antivirus will never go away. Heuristics are good to clean up the initial stream. But there will always be data content, which is questionable that needs deeper analysis. Therefore we'll need signature-based antivirus for as long as I can see. Outsourcing of security is becoming a hot topic. Why is that?
Managing a security environment is very complicated. In some companies, the skills to do it just don't exist. If a company is on the Internet, then it needs 24x7 monitoring but they don't have the staff 24x7 to cover it. Outsourcing security gives you that round the clock service you need. What about those unlucky customers who get a virus or worm before a signature file is created? How is Symantec being proactive when it comes to virus detection?
The best answer I have is the heuristics will catch some, maybe most attacks we can imagine will come (based on behavior analysis). Besides heuristics, we also do a lot of proactive research. Our research team is plugged into universities and to hacker sites and into every other known source of problems. They are also plugged into police organizations and governments who are also monitoring behavior of viruses. We can usually get enough intelligence to know something is happening so we can look in a specific area. When you combine that with heuristics and the signatures then you have the best detection that you can possibly get. There is a lot of proactive work going on. It seems that antivirus software vendors are winning the battle against the virus writers. Do you agree?
We are making progress, but so are the virus writers. We have between 60,000 and 70,000 virus definitions. Every week, we see 30 to 40 new vulnerabilities. Generally, solution providers are up for the challenge, responding with virus definitions typically in minutes. We'll see punch and then counterpunch for some time to come. What should a company look for in an outsourcer?
All provide 24x7 monitoring but not all are competent in all devices such antivirus, IDS or firewalls. You should look for one that is fully backed up. Also make sure they have plenty of bandwidth. The experience of the people staffing the centers is another important consideration. Our U.S. center in San Antonio has a lot of former Air Force and Army with 10 or 15 years of security experience. Symantec seems to be entering many facets of security beyond antivirus. Do ever think Symantec would ever get into physical security or public key infrastructure?
We have added firewalls, VPNs and vulnerability management as well as the management of security products. We probably won't go into the PKI space as there are already competent vendors there. We would prefer to partner in that space. We do not play in the physical security space today, but do cover it in our consulting practice. We provide advice but not tools.