The End of Signature-Based Antivirus Software?

nosig writes "PCMagazine is running a story around the latest AV-TEST response time and proactive detection test for the latest MS05-039 vulnerability related attacks. The test results were announced by the author to the focus-virus discussion list. What's really impresive, besides the huge difference between response times among antivirus companies, is that two products succeeded to proactively detect all 6 attacks without any signature update. "

Data from the article

The product scores (only the trolls need more karma). Or you can try page 4.

BitDefender 6/6
Fortinet 6/6
Nod32 5/6
eSafe 3/6
F-Prot 3/6
Panda 3/6
QuickHeal 3/6
McAfee 2/6
Norman 2/6
AntiVir 1/6
ClamAV 1/6
Proventia-VPS 3/6
Panda TruPrevent 6/6

Hotmail is doing this already?

[Thunderstruck]

I think, based on my personal experience, that Hotmail is already moving away from virus definitions to a more general measure of "traits." In the case of Hotmail, the primary trait used in determining whether a file contains a virus is whether or not it has a really long name and more than one "." (dot) in it.

I base this on the fact that, after exporting a document from StarOffice 7 directly to a .pdf file, and using a filename with two "dots." I send this document to a Hotmail user, who wrote me back that Hotmail had declared the file to contain an incurable virus. Reasonably sure that my Xandros linux box had no virii on it, I renamed the file something more Microsoft friendly. The file was received with no problems.

So there you have it, any file with a suspicious name must contain a virus. Easy, reliable detection.