I went to Israel last week—which, if nothing else, explains why this blog posting is a day or two late.

I had been scheduled to go to London and was dreading it because the tales of woe from Heathrow Airport were making news. The airport had clearly been unprepared for the knee-jerk change to security procedures—to the extent that laptops and other valuable gear was being lost in transit. Legal cases will follow.

However, I ducked that particular bullet and was redirected to Israel to look at some emerging video technology. It was impressive—and when I’m no longer bound by non-disclosure, I’ll spill the beans. The personal impact on me of the London “liquid bombers” was that I lost my toothpaste and shaving cream at Newark Airport. No great loss really, but the bad guys have chalked up yet another small victory over the frequent flyer. No longer can you clean your teeth on the airplane, when you fly the red eye. Forget mouthwash too.

A number of the Israelis I met expressed gratitude that I had come and not been put off by the rocket showers near the Lebanese border. (In case your reading this at a later date, August 2006 was the time of that nastiness with Hamass).

The truth is that I’d been more worried by the possibility of losing my laptop at Heathrow.

“Only in America” is a cliche for a good reason.

Last week delivered yet another mind-boggling US law suit to make you gasp and shake your head. Shannon Derick, a 14-year-old girl is suing her friend, Stephanie Eick, (almost certainly an erstwhile friend, I’d guess) for returning the iPod she had borrowed in an irresponsible way. Rather than handing it to Shannon directly, Stephanie put the iPod on her (erstwhile) friend’s school desk. A thief promptly pocketed the device.

Rather than calling in Colombo (to find the criminal and trap them into a confession), or CSI (to gather the DNA, blood spatter, etc.) Shannon did the sensible thing and sued.

It wasn’t just the iPod, dammit, she had about $45 worth of iTunes songs on it which were not properly backed up.

(Get an iMac you idiot).

It’s clear to me that a proportion of the US population actually suffers from a litigation gene. They sue because they have to sue. There’s nothing to be done about it so stop sneering. You don’t sneer at people who suffer from other congenital conditions, do you?

What needs to happen is that Google needs to be brought in to digitally monetize legal transactions so that they cost a lot less. This would allow the litigiously afflicted to manage their condition without being impoverished by it.

Wait a minute. That’s a fine business idea. If any VCs happen to be reading this blog, please  treat the above as a n application for $1 million in seed funding.

Other companies must envy Apple its ability to generate attention. The rumours that preceded this weeks’ Apple WWDC (World Wide Developer Conference) were many, various and mostly wrong. The point about the WWDC was that Steve Jobs would do a keynote. So would he announce a new iPod or iPhone or iTunes service or iVideo player or games machine or space shot? Rumours to the contrary, the answer was no. But he was definitely going to announce a new computer—which he did, the Mac Pro, thus completing Apple’s conversion to Catholicism or was it Intelism? And he was also going to announce some features of Leopard, the coming version of OS X.

This is where much was expected of the Joltin’ Jobs and, to be honest, he came out firing blanks. He congratulated Microsoft for rampant plagiarism, depicting the Redmond Replicators as Elvis impersonators (Vista is a clone of OS X Tiger in many ways) and then proceeded to showcase some new features of Leopard which were underwhelming even to most of the Apple faithful.

However, it’s obvious why he was keeping his powder dry. He has delayed the release of Leopard to ensure that it coincides with the release of Vista, which will be release some time er, eventually, er, maybe. If I were Microsoft I’d be worried. Apple has no good reason to do this other than to ensure that the two OSes are directly compared. It will cost Apple 3 months OS revenue at the least.

So Steve was a damp squib as far as cool new products are concerned (unless you think the Mac Pro is cool. I do, I love high spec workstations, but it’s a minority taste). But it didn’t matter. Within a few days the Apple rumours were buzzing again amongst the devout. Jupiter is in the fourth house, the Moon is trine to Venus, Scorpio is rising and the owl hoots close to the house. There’s an iPodPhoneMegaGamesPortable coming in September for sure.

A few correspondents and a reader who posted to this blog two weeks ago, have leapt to the wrong conclusion about the “AVID heroes”, the companies I regularly mention; AppSense, Bit9 and SecureWave that actually do stop viruses and related malware, as opposed to signature-based AV software, which only does sometimes and doesn’t stop zero-day threats. (AVID = Anti Virus Is Dreary)

They assume that the AVID heroes use behavioural techniques to stop malware. They don’t. The behaviour tracking idea sounds sensible when you first encounter it. You post a software agent somewhere that watches for specific behaviour such as trying to log the keyboard or trying to access the network or the Internet. Malware behaves like that, so “if walks like a duck and squawks like a duck, then it’s a duck, so shoot it.”

The problem with this is the ugly duckling that turns out to be a swan. As we all know, swans are protected (in the UK), you can’t shoot them and only the Queen is allowed to eat them. Stuff that looks as though it might be malware can also be important and useful software. The trojan that provides remote control of a PC is not much different from the administrator’s utility that takes remote control of the PC. How would the agent software know which was which?

So the reality is that behavioural tracking can identify suspects, but it cannot tell you for sure whether that odd little executable, 1mav1rus.exe, is on side or off side. You need to ask someone fro an opinion—the user. And that’s fine, except that the user is not necessarily going to know for sure. Indeed if 1mav1rus.exe renames itself to Word.exe then the user is likely to be fooled. In order to have the conversation with the user you have to suspend the executable anyway—in case it takes the opportunity to put the PC up for sale on eBay, post embarrassing personal adverts on Craig’s List and send the user’s credit card details to Al Qaeda. But actually you cannot do anything at all until 1mav1rus.exe steps out of line and you will only know that after the event.

If the virus writer wants to be clever then he/she can also have the virus behave in a stealthy way, not directly doing anything but using valid surrogate executables to do what it wants. If you deploy behavioural tracking the viruses will just get subtler. I’m not saying behavioural tracking is a waste of time. Such monitoring activity gathers useful information, but it won’t stop all viruses effectively. Close, but no cigar.

By the way, the three AVID hero companies (SecureWave, AppSense and Bit9,) are about to become four. I cannot name the newcomer because I’m under non-disclosure, but I can say that it is yet another start-up that uses the right approach.

Fact is that the VC community knows that AV software is fatally flawed (a number of VC companies also read this blog) so they are happy to throw real dollars at companies that can actually address the virus problem. Eventually there will be more AVID products than AV products.