AV signatures versus policy-based detection
Anti-virus signatures can only match malware that has already been seen and catalogued, so they cannot provide ‘real-time’ protection against anything new. Even combined with on-demand scanning and a sandbox, that adds up to no more than ‘entry-level’ protection. This historic, generic threat analysis is therefore not the way forward on its own. That said, it still has a place as one layer within system-process and rule-based policy monitoring (i.e. anti-malware behaviour detection).
It is possible to detect unwanted intrusions in something close to real time, because malware nearly always attempts to modify the system’s state (files, registry keys, processes and the like) in characteristic ways. With a kernel-mode component, policy-based software can monitor these system-level events, block the ones that breach policy, protect itself from tampering, and in future host SBS-style policy-based rule sets.
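To make the contrast concrete, here is an added example (not code from the original post or from any AV product) that runs a hash-signature check and a small set of behaviour policy rules over the same stream of system events. The events, hashes, Windows-style paths and rule names are all constructed for illustration; a real product would receive the events from a kernel driver rather than a list.

```python
"""Toy comparison: signature lookup versus policy-based behaviour rules.
Every event, hash and rule below is constructed for illustration."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

# Hypothetical signature database: hashes of samples already classified as bad.
KNOWN_BAD_HASHES = {hashlib.sha256(b"old-dropper-v1").hexdigest()}


@dataclass
class Event:
    """One system-level event, in the spirit of a kernel callback record."""
    pid: int
    image: str        # path of the process performing the action
    parent: str       # parent process image
    kind: str         # "process_create", "registry_set" or "file_write"
    target: str = ""  # registry key, file path, or child image
    sha256: str = ""  # hash of the image for process_create events


def signature_check(ev: Event) -> bool:
    """Signature detection: fires only on hashes already in the database."""
    return ev.kind == "process_create" and ev.sha256 in KNOWN_BAD_HASHES


# Assumed policy: what "modifying the system" looks like on a Windows host.
PERSISTENCE_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\public\\")
OFFICE_APPS = ("winword.exe", "excel.exe", "outlook.exe")
SHELLS = ("cmd.exe", "powershell.exe", "wscript.exe")
PROTECTED_DIRS = ("\\windows\\system32\\",)


def rule_matches(ev: Event) -> list[str]:
    """Evaluate the policy rules against one event; return the rule names hit."""
    hits = []
    img, parent, target = ev.image.lower(), ev.parent.lower(), ev.target.lower()
    if ev.kind == "process_create" and any(d in img for d in USER_WRITABLE):
        hits.append("exec-from-user-writable")
    if ev.kind == "process_create" and parent.endswith(OFFICE_APPS) and img.endswith(SHELLS):
        hits.append("office-spawns-shell")
    if ev.kind == "registry_set" and any(k in target for k in PERSISTENCE_KEYS):
        hits.append("persistence-run-key")
    if ev.kind == "file_write" and any(d in target for d in PROTECTED_DIRS):
        hits.append("write-protected-dir")
    return hits


@dataclass
class Monitor:
    """Stateful policy monitor: behaviour accumulates per process."""
    per_pid: dict = field(default_factory=dict)   # pid -> list of rule hits
    verdicts: dict = field(default_factory=dict)  # pid -> allow / alert / block

    def observe(self, ev: Event) -> str:
        if signature_check(ev):               # known-bad wins immediately
            self.verdicts[ev.pid] = "block"
            return "block"
        hits = self.per_pid.setdefault(ev.pid, [])
        hits.extend(rule_matches(ev))
        distinct = set(hits)
        # Assumed policy: one suspicious behaviour alerts, two distinct ones block.
        verdict = "block" if len(distinct) >= 2 else "alert" if distinct else "allow"
        self.verdicts[ev.pid] = verdict
        return verdict


# Constructed event stream: a never-seen dropper, a benign editor, a known-bad
# sample, and an Office document spawning a shell.
SAMPLE_EVENTS = [
    Event(100, r"C:\Users\bob\AppData\Local\Temp\invoice.exe", r"C:\Windows\explorer.exe",
          "process_create", sha256=hashlib.sha256(b"new-dropper-v2").hexdigest()),
    Event(100, r"C:\Users\bob\AppData\Local\Temp\invoice.exe", r"C:\Windows\explorer.exe",
          "registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event(200, r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe",
          "file_write", r"C:\Users\bob\Documents\notes.txt"),
    Event(300, r"C:\Users\bob\Downloads\old.exe", r"C:\Windows\explorer.exe",
          "process_create", sha256=hashlib.sha256(b"old-dropper-v1").hexdigest()),
    Event(400, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
          "process_create", sha256=hashlib.sha256(b"signed-powershell").hexdigest()),
]


def signature_only(events=SAMPLE_EVENTS) -> dict[int, str]:
    """Verdicts a pure signature scanner would reach."""
    out: dict[int, str] = {}
    for ev in events:
        if signature_check(ev):
            out[ev.pid] = "block"
        else:
            out.setdefault(ev.pid, "allow")
    return out


def run(events=SAMPLE_EVENTS) -> dict[int, str]:
    """Verdicts from the hybrid signature-plus-policy monitor."""
    mon = Monitor()
    for ev in events:
        mon.observe(ev)
    return mon.verdicts


if __name__ == "__main__":
    print("signature only:", signature_only())
    print("signature + policy:", run())
```

The point the two result dictionaries make is the one in the text: the signature scanner blocks the old dropper (pid 300) and lets the brand-new one (pid 100) run unchallenged, while the policy monitor escalates pid 100 from ‘alert’ to ‘block’ as soon as a process launched from a temp directory also writes a Run key, without ever having seen its hash. The rule thresholds and path patterns are assumptions chosen for the example, and in practice they need tuning against benign installers, which also write persistence keys.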
It’s only a matter of time before all the AV vendors compete to bring this hybrid anti-malware solution to the global market.
Safe surfing folks!