Will 2007 be the year in which AV technology goes into rapid decline? Reading the runes, the answer, most likely, is “yes”. Let’s recap on the AVID campaign:

I began this campaign, the only dedicated web campaign that I’ve ever run, by accident. On 28th March last year, I posted a blog entry entitled Come in, Antivirus Software, your time is up! My reason for posting this was that I had come across yet another Security Software company that had taken the opposite approach to stopping viruses; don’t try to recognize what is bad, it’s a hopeless task, just keep a record of what is approved and either block or quarantine everything else.

I saw the arrival of yet another start-up employing this idea as a trend in motion, so I wrote the posting. I expected that I would get some immediate kickback from the AV industry (for it is an industry). It occurred to me that my reasoning on the matter could well be wrong and might have missed some key facts. Instead there was a deafening silence from the AV industry.

In the weeks that followed it become clear to me that the AV industry already knew that they were living on borrowed time and they probably just hoped that I would get bored and write about something else. Instead, I decided to run a campaign against AV.

Here’s why: AV technology is doomed anyway. So let’s get it over with and move to the technology that implements security in the right way.

As we stand here at the beginning of 2007 we are looking at a software industry that has “bet the farm” on SOA. Almost every software vendor of any relevance is marching to the SOA drum beat. This is the first time that the software industry has been so convinced about a software architecture.

There was opposition to 4GLs and to relational database and client/server and object orientation and to Java based architectures. But there is no opposition to SOA—at least none that I can find. And this means, in turn, that, ultimately, the software industry will implement SOA across the board. Ultimately it will be as ubiquitous as the browser.

So where does AV fit into SOA? It just doesn’t.

Ultimately with SOA, software will dynamically link to other software in real-time and in doing so it will need to know whether the software it connects to is valid. The only scheme that will work for this is a white-listing scheme, where you recognise valid software from a validated whitelist or where you dynamically examine its credentials and, if they are valid, connect.

AV simply has no contribution here. It’s wrong. Only the security products from SecureWave, AppSense, Bit 9 and Savant Protection have relevance. AntiVirus Is Dead. Its demise is likely to become increasingly visible this year.