With the introduction of bogus malware scanners like StopSign (http://www.eacceleration.com/) and pretty much anything advertised in a pop-up, I feel like it's time for a change in the way anti-malware is handled. I have a few questions and would like to see some opinions.

AVs are great and all, but I think they are losing the fight, and I don't believe the responsibilities are distributed efficiently among malware vendors. Just today I ran updated scans with multiple scanners (everything on the malware checklist I wrote) on an office box, and the malware practically won. I had to do all sorts of manual removals of viruses and adware with HJT and other hacks, and I spent more time than I have ever spent on a machine like this. The funny thing was, XP was fully updated.

So I've been thinking: it seems like every malware vendor has a scanner and definitions. Norton sells the AV scanner, and they sell a subscription to download signatures. But with new bogus scanners becoming available, and even COMMERCIALS for them (StopSign), the average consumer will soon be screwed over. I think the future of desktop anti-malware will need to be open source. So far all I have seen is ClamAV, which I like, but it doesn't seem very quick or up to date, from my minimal use. So here are my ideas for a better AV solution.

1. I think that splitting the responsibilities into two groups would be more powerful. The scanner end would be developed by the open source community, and the definitions developed by the current vendors (or the community). The definitions should be designed to a standard, so a single scanner can use multiple vendors' definitions. This way Norton, McAfee and other AV companies still make money off their subscriptions, provide better definitions because they no longer need to develop the scanning engine, and can still compete with each other to provide stronger, quicker definitions at a faster rate. Definitions created by open source groups will be possible, because a standard design exists for them, and homemade definitions will be possible as well. The scanner's integrity will be the same as that of any open source project.

2. A centralized location to submit malware, possibly government operated, that vendors and open source developers can have access to in order to create definitions. When an alpha definition is made, the malware is locked up.

Obviously, huge roadblocks exist in this design. The "standard" definition will be nearly impossible to create because of polymorphism. It would take global vendor support to pull off, and would probably only happen if they could all agree on a standard design for definitions and scanners. A standard for heuristics is obviously tough too, because heuristics suck as it is anyway. Only time can tell, I guess.

Thoughts or comments?
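As an added illustration of proposal 1 (this is not part of the original post and not anyone's shipping product), here is a small Python sketch of what a vendor-neutral definition format and a single scanner consuming feeds from several vendors could look like. The format (one "hash:<sha256>:<name>" or "hex:<pattern>:<name>" line per definition, with "??" matching any one byte and "*" matching any run of bytes) is a constructed toy loosely shaped after ClamAV's hash and hex signature databases; the vendor names, feeds and sample byte strings are all made up for the demo. The wildcard patterns also show the one cheap trick an engine has against the polymorphism roadblock raised above: anchoring on fixed prologue and epilogue bytes around a mutating body.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The public EICAR test string, used here as a harmless "malware" sample.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


@dataclass
class Definition:
    vendor: str                     # which feed this definition came from
    kind: str                       # "hash" or "hex"
    name: str                       # detection name shown to the user
    value: str                      # raw value as written in the feed
    pattern: Optional[re.Pattern] = None   # compiled bytes regex for "hex" kind


def compile_hex(pattern: str) -> re.Pattern:
    """Turn a hex pattern into a bytes regex. '??' is any single byte, '*' any run."""
    chunks = []
    for chunk in pattern.split("*"):
        if not chunk:
            continue                # tolerate leading/trailing or doubled '*'
        if len(chunk) % 2:
            raise ValueError(f"odd-length hex chunk {chunk!r} in {pattern!r}")
        out = []
        for j in range(0, len(chunk), 2):
            pair = chunk[j:j + 2]
            if pair == "??":
                out.append(b".")
            else:
                try:
                    out.append(re.escape(bytes.fromhex(pair)))
                except ValueError:
                    raise ValueError(f"bad byte {pair!r} in {pattern!r}") from None
        chunks.append(b"".join(out))
    if not chunks:
        raise ValueError(f"pattern {pattern!r} has no fixed bytes to anchor on")
    # DOTALL so a wildcard run may span newline bytes in binary data.
    return re.compile(b".*?".join(chunks), re.DOTALL)


def parse_definitions(vendor: str, text: str) -> List[Definition]:
    """Parse one vendor's feed in the toy standard format; reject malformed lines."""
    defs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 2)
        if len(fields) != 3:
            raise ValueError(f"{vendor} line {lineno}: expected kind:value:name")
        kind, value, name = fields
        if kind == "hash":
            value = value.lower()
            if len(value) != 64 or any(c not in "0123456789abcdef" for c in value):
                raise ValueError(f"{vendor} line {lineno}: not a sha256 hex digest")
            defs.append(Definition(vendor, kind, name, value))
        elif kind == "hex":
            defs.append(Definition(vendor, kind, name, value, compile_hex(value)))
        else:
            raise ValueError(f"{vendor} line {lineno}: unknown kind {kind!r}")
    return defs


def scan(data: bytes, defs: List[Definition]) -> List[Tuple[str, str]]:
    """One engine, many vendors: return (vendor, detection name) for every hit."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for d in defs:
        if d.kind == "hash" and d.value == digest:
            hits.append((d.vendor, d.name))
        elif d.kind == "hex" and d.pattern.search(data):
            hits.append((d.vendor, d.name))
    return hits


# Constructed feeds from two hypothetical vendors, both in the same format.
VENDOR_A_FEED = f"""
# Vendor A: exact-hash signatures (cheap, but defeated by a single byte change)
hash:{hashlib.sha256(EICAR).hexdigest()}:Eicar-Test-Signature
"""
VENDOR_B_FEED = """
# Vendor B: byte pattern with a 3-byte wildcard and a variable-length body
hex:deadbeef??????*cafebabe:Demo.PolyStub
"""

# Two constructed "variants" of one stub: fixed prologue/epilogue, mutating middle.
VARIANT_1 = b"\xde\xad\xbe\xef\x01\x02\x03" + b"\x90" * 8 + b"\xca\xfe\xba\xbe"
VARIANT_2 = b"\xde\xad\xbe\xef\xaa\xbb\xcc" + bytes(range(20)) + b"\xca\xfe\xba\xbe"


def load_all_feeds() -> List[Definition]:
    """Merge every vendor's definitions into the single engine's working set."""
    return (parse_definitions("VendorA", VENDOR_A_FEED)
            + parse_definitions("VendorB", VENDOR_B_FEED))


if __name__ == "__main__":
    defs = load_all_feeds()
    for label, blob in [("eicar", EICAR), ("variant1", VARIANT_1),
                        ("variant2", VARIANT_2), ("clean", b"nothing to see here")]:
        print(label, scan(blob, defs))
```

The point of the sketch is the split of responsibilities: the engine knows nothing about who wrote a definition, and a feed from any vendor (or a homemade one) is accepted as long as it parses. Anything a real engine would need on top of this, such as signed feeds so a bogus vendor cannot ship definitions that whitelist its own adware, is deliberately left out here.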