This is at odds with my experience. Are you sure you've been talking to
the right people? Is it possible you've only been talking to A/V vendors?
I find it entirely plausible that there is such a consensus among A/V
vendors, but I'm pretty skeptical that the rest of the security community
would make this kind of claim. What I hear, instead, is quite a bit of
skepticism about the future of A/V.
Here's an experiment for you. Walk up to a random security expert and
ask them what they think of blacklisting as a foundation for building
secure systems. Ask them what they think of the future of A/V in security
and whether they think A/V will be of increasing or decreasing relevance
to security in the future. The answers might be educational. Actually,
I suspect it's even possible you might find that many knowledgeable A/V
insiders privately share some of these same concerns about the future
of A/V -- look at how pretty much every major A/V vendor out there is
looking to diversify, to expand into other areas of computer security
and compliance, and to move beyond signature-based file scanners.
If you picked a bunch of computer security experts who don't work for an
A/V vendor and asked them what they thought about all this, I suspect
they'd be more likely to line up behind the kinds of comments that Ted
Tso has been posting. Personally, I think Ted's comments have been
highly constructive, thoughtful, and well worth re-reading.
--
