getting the web attacking you requires a different kind of technique yet again!
Each channel opens up a new way of attack:
files
emails
web
IMs
etc etc.
At the end of the day, all these kinds of attacks must get CPU time to execute some malicious code. So where could that code come from? It must be on the PC for it to execute: on the hard disk or in RAM. So if you are malicious software, you want to get into either the HD or RAM. You utilise things like Buffer Overflow etc. to infect a victim machine. So if you have both “On access” and “in memory” scanning, you cover both angles.

However, it doesn’t hurt to employ “different” techniques (please note… I say “DIFFERENT” as there are companies out there who simply deploy the same file scanning at web or email, which imo doesn’t provide extra security) to be aware of these malicious attempts. One very good example is “Comodo Memory Firewall”. This is Buffer Overflow (BO) protection, and BO is a nasty and much-exploited way to get into your machine by simply visiting a site. There are toolkits like MPack, IcePack, NeoSploit (and many more) that dish out attacks to a victim’s machine after analysing it to see which vulnerable software you have, and then serve you relevant malware to utilise the vulnerability found on the victim machine!

In this BO attack scenario, of course having a file scanner “could” work if they have the signature of the malware, but usually AVs (file scanning) are behind in terms of sig generation, so it would be great to supplement our security layer with a “prevention” layer and add “BO prevention” (Comodo Memory Firewall). So the bottom line is, as long as you are not taking the same technique and offering it as a solution to everything, then I have a problem. If you are legitimately adding value by creating new ways to “detect and/or prevent” at different levels of the communication channels, then I would welcome it.

For example, at Comodo that is what we try to do: try to cover you from all different angles using different techniques.
Melih