I have been thinking more and more that the industry is going about Malware detection the wrong way...

Who wants to make sure they have the latest virus definitions and other security 'updates' to help keep the peace? It's ugly, and the programmer in me keeps thinking there has to be a better way, cos this model sucks...

The end-user generally doesn't understand the nature of these definitions and will often forget to update. This would all be moot if they just implemented some basic security measures in the first place (prevention, not cure)... but that's for a different discussion...

I have heard on the wind about a different 'style' of malware-detection software. It can have zero-day malware detection because it's based on the nature of the 'software' rather than some predefined rule-set that needs to be updated. [like semantic not syntactic]

Can anyone shed some light on this?
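To illustrate the contrast the post is asking about (matching what a file *is* versus what a program *does*), here is an added example, not code from the original post or from any product: a toy signature check keyed on a definitions set beside a toy behaviour scorer over an abstracted action trace. The sample bytes, event names, rules and threshold are all constructed for the demo.

```python
import hashlib
from typing import Iterable, Sequence

# Constructed definitions: the "syntactic" model needs one entry per known sample.
KNOWN_BAD_HASHES = {hashlib.sha256(b"dropper-v1").hexdigest()}

# Constructed behaviour rules: (ordered action sequence, weight). These are
# abstract event names for the demo, not real OS APIs.
BEHAVIOUR_RULES = [
    (("write_file:startup_dir", "set_autorun"), 3),
    (("disable_security_tool",), 4),
    (("read_many_documents", "encrypt_file", "delete_original"), 5),
]
THRESHOLD = 5  # score at or above this is flagged


def signature_detect(sample: bytes) -> bool:
    """Syntactic check: flags only bytes whose hash is already in the definitions."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES


def contains_in_order(trace: Sequence[str], pattern: Sequence[str]) -> bool:
    """True if every action in `pattern` occurs in `trace` in that relative order."""
    it = iter(trace)
    return all(any(step == action for step in it) for action in pattern)


def behaviour_score(trace: Iterable[str]) -> int:
    """Semantic check: sums the weights of rules whose action sequence is observed."""
    events = list(trace)
    return sum(w for pat, w in BEHAVIOUR_RULES if contains_in_order(events, pat))


def behaviour_detect(trace: Iterable[str]) -> bool:
    return behaviour_score(trace) >= THRESHOLD


if __name__ == "__main__":
    persist = ["write_file:startup_dir", "set_autorun", "disable_security_tool"]
    # A one-byte variant evades the hash definition but shows the same behaviour.
    for sample in (b"dropper-v1", b"dropper-v2"):
        print(sample, "signature:", signature_detect(sample),
              "behaviour:", behaviour_detect(persist))
    # A legitimate updater that only registers an autorun scores below threshold,
    # which is where the tuning burden (false positives) moves in this model.
    print("updater", behaviour_score(["write_file:startup_dir", "set_autorun"]))
```

The behaviour model needs no per-sample update, but the trade-off the post hints at is visible in the last line: the threshold and weights decide the false-positive rate instead.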