I had to give my “rear-view” lecture the other day and so I thought I should just jot down a note here as an easy reminder. In nutshell, when looking forward you should be careful not to fixate on the little mirror on your windshield. Avoiding past mistakes, and learning is vital, but data about where you have been is not necessarily the best thing going forward. A turn in the road, for example…
The general manager of the Australia Computer Emergency Response Team (AusCERT), Graham Ingram, gives an excellent example in a recent article about virus writers are researching the top anti-virus systems in order to bypass them:
“The most popular brands of antivirus on the market… have an 80 percent miss rate… So if you are running these pieces of software, eight out of 10 pieces of malicious code are going to get in,” said Ingram.
Although Ingram didn’t mention any of the leading losers by name, Gartner’s figures for 2005 show that Symantec is the clear leader with 53.6 percent of the market. McAfee and Trend own 18.8 percent and 13.8 percent of the market respectively.
One vendor Ingram did mention was Russian outfit Kaspersky, which in the same tests managed to block around 90 percent of new malware.
According to Gartner, Kaspersky’s market share is a lowly 0.7 percent.
I actually think there is more to the difference between a pure-play anti-virus company like Kaspersky and f-prot and a “we’ll sell you anything you’ll buy” Symantec and McAfee. But even if we accept Ingram’s premise that the big vendors are losing relevance because they are a bigger target, it should make people think twice before assuming that just because Symantec helped them get around the last bend, they no longer need to pay attention to the road ahead.
Another example, also in recent news, is of the Israeli army adapting to Hizbullah tactics. The Hizbullah have not only acquired sophisticated arms (supplied by China via Iran — more on that another day), but Hizbullah has a series of complex tactics, tunnels and civilian targets that provides them the element of surprise. The traditional Israeli armor-based strategy has backfired as enemy anti-tank missles turn the Merkava and APC into death-traps. Instead, the Israelis have turned things upside-down and have adopted traditional troops on the ground to diffuse the effectiveness of anti-tank missles (no clear target), coupled with sniper nests to pick out the Hizbullah embedded among the women and children. You might say that the Israelis keep an eye on where they have been, but they also adapt quickly to where they are trying to go.