
Anti-Virus Programs Getting Smarter About Detection

Mark Hofman at isc.sans.org writes: The main component of most AV products is the signature or pattern recognition component. Essentially a blacklist: I see something I don’t like and I’ll block it. This makes the product only as strong as the capabilities of the people that write the signatures as well as the processes the vendor has in place to produce signatures. [...] The main issue with this approach is that the blacklist method only detects those pieces of malware that are already in the wild. [...] Is something more drastic needed, such as the approach taken by the One Laptop per Child project with Bitfrost, where every process essentially runs in its own virtual machine?
