Friday | 10 July, 2009
CSO
Is desktop antivirus dead?
Tenfold increase in malware variants since 2002
Ellen Messmer (Computerworld) 10/04/2007 16:46:07

Sana Security's CEO Don Listwin says Primary Response looks at 226 software characteristics deemed to be bad behavior and stops code trying to execute.

"We indict them and take them out," he said. But he acknowledges there can be false positives, adding that antivirus scanning is complementary to what Sana Security provides in behavior-blocking.

Not all analysts are ready to jump on the antivirus-is-dead bandwagon.

"Antiviral on the desktop is certainly still a must have, though mostly as a removal tool," says Gartner analyst John Pescatore.

He says his firm advises clients to buy antivirus integrated with some host-based intrusion-prevention system (IPS), noting McAfee, Symantec and others have started adding IPS to block malware where signatures don't exist.

If antivirus is dead, the question is when to hold the funeral.

Jaquith's paper points out that "antivirus products enjoy a privileged position in enterprise budgets" and "no other security product boasts nearly 100% penetration."

Research firm IDC estimates the antivirus market today accounts for US$2.1 billion on the consumer side and US$3.1 billion for the enterprise. That's expected to grow to US$3 billion and US$4.5 billion respectively by 2010.

While traditional antivirus vendors are willing to acknowledge there could be improvements, they are somewhat taken aback to hear industry analysts proclaim antivirus is dead.

"That's a bit radical," says John Maddison, general manager of network security services group at Trend Micro, which has no immediate plans to adopt whitelisting or behavior-blocking. Trend Micro is innovating with what it calls reputation services to check IP addresses and e-mail to determine if incoming code originated at a reputable source.

"If you asked people to give up antivirus, you'd find few that would do that," Maddison says.

Many corporate security managers concur.

"I wouldn't let go of our signature-based control," says Doug Sweetman, State Street's senior technology officer in corporate information security, who adds State Street has licenses with five antivirus vendors because the competition is beneficial during negotiation time. But he adds: "It's a commodity."

Sweetman also says State Street has embarked upon a "desktop lockdown" that will not allow unauthorized applications on employee computers to run.

Kathy Larkin, director of information security at Prudential Financial, said she doesn't find the argument that desktop antivirus is dead to be convincing. "I think antivirus is worthwhile and will be around for a long time."

However, some antivirus vendors, when asked how long it takes to turn around a virus signature, acknowledge it's tricky.
