Friday | 10 July, 2009
CSO
Is desktop antivirus dead?
Tenfold increase in malware variants since 2002
Ellen Messmer (Computerworld) 10/04/2007 16:46:07

"It takes two to four hours to turn around a signature for a severe rating," says Brian Foster, Symantec's senior director of product management. He adds that he can't say how long it might take for anything else. The majority of the malicious code tracked by Symantec consists of variants "where someone has tweaked it, changed the payload," Foster says.

While Symantec's antivirus software can catch and stop variants through heuristics, a signature is needed to eradicate the specific variant code from the machine.

Foster says Symantec is adapting by incorporating new technologies, such as IPS, into its products and notes the antivirus products of the future will be working through far more than signature-based eradication.

Jaquith is ready to give credit where he thinks it's due, and his paper cites McAfee and Symantec as traditional antivirus vendors that are moving to augment signatures with adjunct technologies that include behavior-blocking.

While most network executives probably wouldn't be willing to jettison traditional antivirus software for alternatives such as white-listing or behavior-blocking, there's evidence a few are taking the plunge.

"There is that thought, that you still need antivirus and it's something you should have," says Brent Rickels, senior vice president at First National Bank of Bosque County, in Valley Mills, Texas. "It's been around so long but it's no longer adequate in this fast-changing world."

The bank, which has about 6,000 customer accounts, still uses gateway-based antivirus filtering and restricts Web surfing among employees to reduce risk of downloading malware.

But the bank jettisoned its Symantec desktop antivirus about a year ago in favor of SecureWave's Sanctuary product for the desktop, which Rickels says is less expensive.

"It builds a whitelist of [Dynamic Link Library] files allowed to run, and if it hasn't authorized the file, it won't run," Rickels says. The only downside he has found in using it for more than a year is that it takes administrative time to adjust the Sanctuary software to recognize the proprietary bank applications or software patch updates from Microsoft.

But Rickels says the tradeoff is worth it. "We go through those drills, but I can control that vs. the unknown of viruses. Signature-based antivirus is like using a shield with holes in it."
