By: Robin Bloor | Published: 22nd March 2007 | Copyright © 2007
You may not have heard the news yet, but there's a new whitelisting kid on the block - and it's not a small startup from Nowheresville, in Nova Scotia. It's one of the top three IT security vendors. The company is CA and the new product goes by the name of CA HIPS. So now there are 5 companies selling whitelisting products. (I will write a detailed article about CA HIPS after I've had a technical briefing on the product. Its capabilities are broad, as it does more than whitelisting.)
If you have not been reading this blog regularly then you may be unaware of the AVID (Anti Virus Is Dead) campaign that I've been running. The goal of the campaign is simple. It aims to bring down the AV industry which has, for the best part of 20 years, been selling products that are ineffective at stopping viruses.
To summarise: the reason why AV technology fails so frequently is that it takes a wrong and ultimately doomed approach to stopping malware. AV products mostly use signatures to recognise the bad guys, but this is almost completely useless for new viruses (some well-known products let in 80 percent of all new viruses). Where they don't use signatures, they use heuristics, which means that they try to recognise the bad guys by their behavior. This is ineffective because the virus writers test their viruses against AV products before they release them and only release the ones that will get through. The reality is that the AV companies have been in a technology war with the virus writers and they have lost. The outcome is that PCs still get infected by malware at a dramatic rate.
The whitelisting companies (Savant Protection, AppSense, SecureWave and Bit9) are the heroes of the situation because they have technology which actually does stop malware effectively. They simply keep an inventory of the software that is allowed to run and stop everything else from running or, if the user is trusted, run new software in a sandbox that prevents it from breeding or doing damage if it turns out to be a virus. CA HIPS is a product that also does this, so it now gets to be on the list of heroes.
CA joining the whitelisting companies is, in my view, the beginning of a sea change. Whitelisting is no longer a niche security technology. I have heard a very credible rumour that one of the big three AV companies (Symantec, McAfee and Trend Micro) intends to do the same thing—possibly this year. You know that it's over for AV if one of the big three turns to whitelisting.
So it is roughly the first anniversary of the AVID campaign and after only a year it looks as though it is starting to work. I guess it was only necessary to get the word out. I have played a pretty constant drum beat to that effect for a year. I will carry on for maybe another year. I have lots more information to publish on this and I'll not stop until the AV vendors start to melt away and sanity returns to the world of IT security.
24th March 2007: 'Eagle1' said:
Robin,
Thanks for the comments on the whitelisting companies.
Have you ever heard of a company called Exobox Technologies Corp?
They have some very bold statements in their white papers and OSR has validated their technology. If you can, read up on them here and if at all possible please do a write-up on them.
1st October 2007: 'Ag729' said:
Robin... I noticed you didn't answer Eagle1.
Do you not have a response? Please respond to his question, I'm curious as well.
The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.
Published by: IT Analysis Communications Ltd.