John Alexander Lockheed Martin
Has the time come for anti-malware vendors to allow customers to write their own anti-malware signatures? Anti-malware vendors typically consider the technical details of their scan engines and their associate signatures to be proprietary. Perhaps the time has come for more technical transparency and collaboration between vendors and their customers. Increasingly, cases are being made to allow customers to leverage the decomposition and inspection power of anti-malware tools for private means. Security practitioners are able to write their own signatures for most security products except anti-malware. Perhaps customers could innovate new signatures that anti-malware vendors with a global perspective might be risk adverse to attempt. We have already seen this work well with particular product-specific configuration within certain anti-malware products; why not signatures too? This paper will be a discussion of some of those business cases, customer challenges, how the anti-malware industry might be able to help solve these problems, and perhaps start a broader industry discussion.
