Can MessageLabs improve Symantec Antivirus

I rescued an old comment from Akismet (the spam filter I’m using on the blog) because it asked a interesting question. How can Symantec’s acquisition of MessageLabs improve their desktop antivirus.
My first reaction to this is that MessageLabs Antivirus can’t be duplicated at the desktop. They use multiple antivirus engines in addition to their own Skeptic engine – a collection of heuristic detections. Multiple scan engines work on gateway servers, and Microsoft Antigen/Forefront/whatever uses multiple engines on Sharepoint. But at the desktop performance is needed. Also don’t quote me on this, but I thought I’d read that the Skeptic database has a huge ruleset. That also doesn’t lend itself well to desktop performance.
Multiple antivirus vendors are now looking at implementing antivirus in the cloud. In this model, new/unknown files are sent to the cloud for analysis. Skeptic would fit in well in Symantec’s implementation of that model.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>