Well, Symantec signed an agreement to buy Platform Logic last Friday, but the word is leaking out a bit slowly. I don’t know much about the details, but I consider it a necessary move, one that counters Cisco’s Jan ’03 purchase of Okena and McAfee’s April ’03 purchase of Entercept.
This is the final indicator that the antivirus evolution is fully under way and that the future is Host Intrusion Prevention (HIPS). Following the security fishtail, we move from the reactive, threat-based model to the proactive, trust-based one once we realize that we can’t catch all malicious activity without an understanding of what is legitimate (and vice versa). So HIPS helps us understand what is good, then denies all else. These denials can then go to a second filter to see whether they can be specifically classified as viruses or other miscreants. Conversely, it may be possible to weed out false positives by running an alert through an "allow" filter – I believe this is a bit risky, however.