Issues of false positives and 'blue screens of death' are down to anti-virus technology being 20 years out of date.
After a 'blue screen of death' bug affected 300 corporate and 60 consumer Symantec users last week, Webroot CISO Jacques Erasmus claimed that the way anti-virus software is built has not changed in 20 years, and that the way signatures are delivered means a faulty one cannot be changed quickly.
He said: “If you are delivering signatures and have an update that is faulty, then you cannot change it quickly, as it takes time to roll out signatures to millions of users. This takes time to deploy and the numbers are not operational. The model is broken.”
Erasmus also said that as updates are done outside of traditional working hours, if there is an error you need to wait until all machines are booted up to correct it. “So the model needs to be revolutionised drastically or these issues will continue,” he said.
For its most recent SecureAnywhere launch, Webroot switched to offering behaviour-based threat analysis to eliminate the need for signatures. Erasmus admitted that eliminating false positives altogether is not possible, but said it was more important to react quickly, and that with a cloud-based system the signature database can deliver fixes faster.
He said: “We've been using this model for 18 months now and with false positives on the old signature database it was a nightmare to get it fixed and customers were not happy. This is the new way forward.”