John Viega, Vice President, Engineering and Technology Standards
John Viega is author of many security books, including Building Secure Software (Addison-Wesley), Network Security with OpenSSL (O'Reilly), and the new book Myths of Security (O'Reilly). He is responsible for numerous software security tools and is the original author of Mailman, the GNU mailing list manager. He has done extensive standards work in the IEEE and IETF and co-invented GCM, a cryptographic algorithm that NIST has standardized. He holds an MS and BA from the University of Virginia.
In my new book, “The Myths of Security” (O’Reilly, 2009), I spend a lot of time looking at why traditional antivirus solutions get a bad rap. I also challenge the reader and the industry with some controversial statements designed to push the reader to think about how the industry must respond to recent changes in the threat landscape.
Many technologies really don’t do a good job at detection and are slow. At McAfee we realized this a long time ago and have been making radical changes to the traditional antivirus model. This has led to industry-wide recognition for the quality of our antivirus detection, which will only get better as we continue to innovate.
But what is wrong with traditional AV solutions? There are many issues, but here are a couple of the big ones:
1) The traditional “blacklist” approach doesn’t scale very well to the amount of malware coming out. McAfee addresses this with a wide variety of automation techniques, cloud-based intelligence gathering through McAfee Artemis technology and a couple of different whitelisting technologies, including our Solidcore acquisition.
2) Other vendors tend to be very slow to respond to threats because they are dependent on their customers and peers to see new malware and then have analysts manually look at incoming samples. McAfee, on the other hand, leverages its Artemis and TrustedSource cloud technologies to get information about potential new threats. As a result we can often block threats automatically, based on what we see happening on the Net. In short, we often see malware long before our competitors do.
I believe that, over the next few years, other vendors will catch up to where McAfee is today, by adding whitelisting and cloud intelligence technologies (though they still won’t have the same level of integration or the management capabilities of ePolicy Orchestrator).
In the meantime, we’re already working on more major improvements for 2010 and beyond!
- Posted in Security Perspectives