Comment Layering (Score 1) 81
I think the layering notion, i.e. combining several different methods of AV protection operating at different levels of system granularity and with different detection methodologies, is certainly an interesting one. I'm not sure if I buy the idea that the market is somehow averse to this, unable to implement it, or stuck in a rut. It seems very easy to toss out the argument that people didn't want a heuristic detection method from Norton, because they had become accustomed to McAfee's signature-based approach, but I really think it wouldn't have been that difficult to combine the approaches in a single bundled package a long time ago.
To go on a nostalgia trip, I remember back in the day even when people started coming out with those 'roll your own' virus engines for script kiddies, which allowed some minor tweaking and customization to foil straight signature approaches. Meanwhile, those crazy bastards in Bulgaria were rumored to be playing with polymorphic virii.
To my mind, the problem really isn't one in which a straight biological infection paradigm works, but one to which something akin to a biowarfare model is more appropriate. Remember that these things don't mutate on their own, but that there will always be a move-countermove going on somewhere. It's the same old thing - if you build better tank armor, someone will come up with better armor-piercing rounds, etc.