I recently read an interesting blog post by the well-known researcher Joanna Rutkowska. For those who don't know her, she is a professional security researcher, well known on the web and among security professionals for her research, especially in the field of rootkits and stealth malware.
Even if that were true, I sincerely wouldn't say antivirus companies wasted their time and money developing useless techniques.
Let's try to imagine a world with digital signatures that guarantee the integrity of the software we are about to execute on our PC.
There are billions of different pieces of software in the world, developed by everyone from big companies to single developers. First of all, we should ask: is it necessary to sign our own executables? If it isn't, many solo developers or small teams may well decide not to spend their time and money on it (and yes, digital signatures may have to be paid for, as they are for Microsoft Vista 64-bit drivers).
A lot of developers release tons of updates or betas for their software, even daily. They would need a new digital signature every time. Now the question is: what if software isn't digitally signed? Can it be executed anyway, or is it blocked by the operating system?
Let's consider the first option: unsigned software can be executed anyway. Then the problem remains: we still need antivirus software.
Joanna said we should always assume that users are not stupid. In my humble opinion that misses the point. Users aren't stupid; they simply don't want to spend their time understanding every security issue the way we do. They already have enough usability issues to deal with, and they want someone else to think about ICT security for them.
If, for whatever reason, they need to execute software that isn't signed, they want to be reasonably sure it won't damage their system, or at least to reduce the risks as much as possible. Yes, as Joanna said (and it's nothing new), an antivirus product can't guarantee that a file is 100% clean, but it is one more check.
Now let's consider the second option: an executable is blocked if it isn't digitally signed. Who will manage those certificates? Who will ensure the signatures are handled properly? Who will ensure that malware writers can't obtain them too? Joanna knows; she has shown how to buy a certificate for Vista. Fine, the personal data of whoever bought the certificate is on record, but frankly, who cares? If no software checks what is inside the executable or what it does, nobody will ever check whether the file is even partially malicious. A user could think: "Why would it be malicious? It's digitally signed!"
Going further: who will ensure that the digital signature scheme itself is hack-proof? And if there are flaws, as there are almost everywhere, who will ensure that the company handling these signatures has the most secure servers, so that nobody can breach them and tamper with software before it is signed? Who will ensure that nobody can break into a developer's servers and alter the source before it is sent to the company that signs it?
Just look back at when the Debian project's servers were hacked. Is all this fantasy? Yes, maybe. But when we launch a digitally signed executable, we have to be sure about every point listed above. Basically, we completely trust the software as it arrives on our PC, and we completely trust whoever guarantees it for us. With an antivirus scanner, at least, we can perform some additional content analysis, whether the file is signed or not: we check the file as it is. As said before, we can never be 100% certain a file is clean, but at least we perform a check instead of believing with our eyes closed.
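The two checks argued over above answer different questions: a signature says who vouched for the file and that it is unchanged since, while content analysis looks at the file as it is. The following is an added example, not code from the original post; it uses an HMAC as a stand-in for the publisher's signature (a constructed key, so it runs on the standard library alone) and the public EICAR test string as the "malicious" content, to show a correctly signed file still being blocked by the content check.

```python
"""Layered check: signature validity versus content analysis.

Added example, not from the original post. HMAC stands in for a publisher's
signature so the demo needs only the standard library; a real deployment
would verify an asymmetric signature against a trusted certificate.
"""
from typing import Optional
import hashlib
import hmac

# Publisher's signing key (constructed for the demo; a real verifier would
# hold only the publisher's public key / certificate).
PUBLISHER_KEY = b"demo-publisher-key"

# EICAR test pattern: the industry-standard harmless detection test string.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def sign(data: bytes, key: bytes = PUBLISHER_KEY) -> bytes:
    """Stand-in for the publisher signing the file contents."""
    return hmac.new(key, data, hashlib.sha256).digest()


def signature_valid(data: bytes, sig: bytes, key: bytes = PUBLISHER_KEY) -> bool:
    """Answers only: was it signed by the key holder and unmodified since?"""
    return hmac.compare_digest(sign(data, key), sig)


def content_clean(data: bytes) -> bool:
    """Content analysis: looks at the file as it is, whoever signed it."""
    return EICAR not in data


def decide(data: bytes, sig: Optional[bytes]) -> str:
    """Policy from the post: unsigned files may run, but every file is scanned."""
    if sig is not None and not signature_valid(data, sig):
        return "BLOCK: signature does not match contents"
    if not content_clean(data):
        return "BLOCK: content analysis flagged the file"
    if sig is None:
        return "ALLOW: unsigned but scanned clean"
    return "ALLOW: signed and scanned clean"


if __name__ == "__main__":
    clean = b"MZ benign program bytes (constructed)"
    bad = b"MZ " + EICAR  # correctly signed, yet flagged by content analysis
    print(decide(clean, sign(clean)))
    print(decide(bad, sign(bad)))
    print(decide(clean, None))
    print(decide(clean, sign(clean, b"other-key")))
```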
What is true is that even with the latest heuristic technologies, antivirus alone has problems detecting samples. We are among the first to say this, and we indeed promote a revolutionary and innovative approach to the problem. What is not true is that companies have wasted their time and money developing something useless instead of focusing on a simple way to fix the problem of file infectors.
Yes, digital signatures would indeed be a way to strengthen the whole system, but not everyone in the security profession is so witless as to have never considered this method before. There have simply been technical and historical problems that motivated the development of antivirus scanners and anti-malware solutions, and it will remain that way for the foreseeable future.
With Windows Vista 64-bit, Microsoft tried to use digital signature checks to prevent unknown and unsigned drivers from being loaded, so that kernel-mode rootkits can't compromise the system. Wasn't Joanna among the first researchers to show more ways to try to bypass this check?
3 comments so far
- Pedro Fortuny on 11/09/2007 12:29:57
Yes, the thing with blanket blacklisting and only whitelisting is exactly that:
a) It goes against user freedom (yes, we do want rope given to us even if we can hang ourselves with it)
b) It assumes signing and sign checking is pretty safe (which goes against perceived reality)
c) It prevents easy software delivery, which goes (at least to me) against software development.
And, by the way, as I see it, all the above fosters software monopolies (or prevents poor people from developing, which means the same to me).
Pedro.
- Sean Hunter on 11/09/2007 15:46:20
There is no ivory tower solution to the problem. Even if Joanna's lofty ideal were to be put in place, at best it would signal a (brief) hiatus before the problem returned, likely in a far more insidious and damaging form.
The problem isn't the schema, the problem isn't hardware, or software. The problem resides where it always has, between the chair and keyboard...
There is a limit to the perfectibility of any system which must interact with people. Worse still, the more people, the lower the limit.
Diversity, even more than layering, is critical. Diversity in not relying on a single product, or a single vendor, to provide security.
The more homogeneous the environment, and its protective systems, the greater the likelihood of a single threat having catastrophic effect.
Joanna is undoubtedly brilliant, but blanket solutions rarely work in this imperfect world. Layered security solutions are still the best we have today.