Bit9

Enterprise Application Whitelisting


What's a Perfect Security Tool?

Posted by Mario Vuksan on Wed, Oct 15, 2008

The security industry has exploded in the last 10 years, producing a huge quantity of products and approaches. Yet for most people security is a singular concept that demands a single solution. For the first ten years of anti-virus protection, it was just that: one approach with few competing vendors. Then came network connectivity, firewalls, and exploitation for economic benefit, and the top exploded.

The point here is that the market has quickly developed from generic to specific methodologies for protection. Solutions are being built to address one or very few use cases, and never all possible cases. For example, Vanja Svajcer of Sophos, among a long list of security researchers, warns users against relying solely on their anti-virus protection. It cannot work for every case. In today's landscape of SQL injection attacks and custom botnet infiltration, AV tools built on a one-size-fits-all model will not protect your data and property.

Microsoft has been so successful in pushing its personal computer operating system that it now protects, among others, point-of-sale terminals, cash registers, ATMs, gambling machines, and voting stations, not to mention TVs and mobile phones. These endpoints cannot and should not have the same security posture as a typical personal computer. For starters, many specialized devices have a very controlled execution environment. So why should they have a security product that assumes a user will want to run all the unknown code?

According to the hype, anti-malware protection is a stale incumbent with little life left in it. Yet no one is really recommending that we do away with it. Actually, according to Alex Eckelberry, CEO of Sunbelt Software, a typical user is quite satisfied with it, and enterprise users a bit less so. We still want protection from known attacks while we dream of a silver bullet that would make all of our bits and bytes behave. And for those who dream, the industry has a plethora of endpoint and network-based offerings to fit their budget. It is really not all that important if your IDS or HIPS product is disabled or its logs are never ever reviewed.

But that's not the point. Anti-malware suites rightfully assume that there is a physical, freedom-loving rebel behind each endpoint. That's their target audience. Purpose-built terminals that perform only a set of very specific tasks require a different, more tightly controlled environment. Needless to say, anti-malware suites were never meant to protect them against unknown attacks.
