http://www.businessweek.com/technology/content/jan2007/tc20070122_300717.htm By Robin Bloor January 22, 2007 Antivirus technology is a crock. It fails to prevent computers from getting infected with viruses, and this failure contributes to many other security woes that plague the world's computers. Because viruses spread, hackers find it easier to compromise computers, identity theft is better enabled, and computer fraud is easier to perpetrate. Virus-infected computers become a resource for hackers to exploit. Some hackers assemble and control networks of thousands of such computers and use them to distribute huge volumes of spam, mount sophisticated phishing attacks, and launch targeted "denial of service" attacks on companies. The level of virus infection is high. It's not an epidemic; it's a pandemic. How bad is it? That depends on how you look at it. For the home computer user and small-business user, infection is chronic. In June, 2006, Microsoft (MSFT) revealed the results of a 15-month test of its Malicious Software Removal Tool on home PCs and small-business PCs. The utility had been used to scan and clean 5.7 million PCs, and it found backdoor Trojans, or programs that let hackers gain entry, on about 62% of them. And during the 15-month period, 20% of PCs that were cleaned were reinfected. Big companies aren't immune, either. The 2005 Yankee Group Security Leaders & Laggards Survey indicated that while 99% of enterprises have deployed antivirus programs, 62% got infected by viruses. The situation for large enterprises is, it seems, not much better than for other PC users. They may be better able to recover from infection, but they still get infected. Faulty "Burglar Alarms." So why is it that AV technology does such an inept job? Consider the following information, published last year by AusCERT, Australia's Computer Emergency Response Team. The most popular AV products fail to prevent 80% of new viruses. AusCERT declined to name the AV companies publicly, but in case you didn't know, the leading AV vendors are Symantec (SYMC), McAfee (MFE), and Trend Micro (TMIC), in that order. Mind you, it isn't necessarily the case that these products are technically inferior to other AV products. It's just that most virus writers test their viruses against the popular AV products before unleashing them on the world. Because of this, AV technology is doomed to be ineffective, and it is never going to be effective. The AV vendors have built "burglar alarms" that alert you only if a known burglar tries to enter your house. Any burglar that they don't recognize gets in unopposed. The practical solution is to have a "burglar alarm" that sounds when anyone you don't know tries to enter the house. Deceptively simple, isn't it? But security products that work in this way have only recently been introduced. The first company to offer such a product was SecureWave, in 2001. Since then three other companiesAppSense, Bit9, and Savant Protectionhave introduced products that work in this way. Instead of focusing on identifying malware, these products manage a full recorda so-called white listof the valid programs, and prevent other programs from running, or, if necessary, run unrecognized programs in quarantine until their nature becomes clear. Not Solved Yet At the moment these products are focused only on the enterprise market. As the persistent failure of AV products becomes increasingly visible and as the popularity of these newer products grows, they will become available to the home user. Until then, the computer virus pandemicand all the evils it engendersis likely to continue. Symantec Chief Executive John Thompson declared in a speech in October that the problem of "worms and viruses is solved." It was a bewildering declaration, coming at a time when virus infection rates are as bad as they have ever been and cybercriminals are better able to exploit such infections. But he was partly right. Only it's not Symantec that has solved the problem. Technically, the malware blocking problem is solvedby the handful of companies that deliver a whitelisting-based solution. Yet cybercrime is rampant, and it will remain a blight until the use of this newer wave of products is widespread. -=- Bloor is a partner and analyst with Hurwitz & Associates, a Massachussetts-based IT research and consulting firm. He is also chief research officer and founder of Bloor Research, an IT research and consulting firm based in Northamptonshire, England, and co-author of Service Oriented Architecture for Dummies.. _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Sun Jan 21 2007 - 22:44:41 PST