Security vendor eEye has said it will add anti-virus to its Blink intrusion prevention product, with a beta due early next year.

"We are developing our own generic anti-virus now," said eEye co-founder and chief hacking officer Marc Maiffret. The beta version will "be an update basically, so any customers who have it will get it for free".

Currently, the Blink firewall can be used to enforce security policies and protect clients from network-based attacks, anti-spyware and phishing attacks.

Rather than checking software that wants to run on the system against a database of known malware, it uses "signature-based" prevention. Blink's anti-virus software will examine the program's behaviour to determine whether or not it is malicious. This approach is already used by a number of products, including Sana's Primary Response and McAfee's Entercept.

The anti-virus software market is a crowded one, but eEye is taking the right approach, said Andrew Janquith, a senior analyst with Yankee Group. "It's a bit late for them to come to the party, but they may benefit from recognising that the signature-based approach to virus detection isn't working anymore."

Signature-based techniques are still the most widely used form of anti-virus detection, but they are starting to break down because of the massive amount of malicious software in circulation, Janquith said. "There are well over 100,000 signatures that anti-virus vendors are tracking. By way of comparison, most PCs have about 50,000 files on them right now."

Behaviour-based anti-virus software has a chance of preventing unknown attacks from succeeding, but it is generally not as effective as the signature-based alternatives against known attacks, he said.

The anti-virus market is dominated by Symantec, McAfee and Trend Micro. In 2004, they accounted for 83 percent of the $2.5 billion worldwide anti-virus market, according to Gartner.

Blink is not the only product that eEye has been improving. Earlier this week, it announced a new version of its REM management console. REM 3.0 features improved management and reporting capabilities.