New threats continue antivirus battle

14.03.2005
Von Theo Boshoff

Antivirus solutions providers are still fighting an uphill battle. Since the appearance of the first viruses, which reared their heads in the early 1980s, to the current mobile viruses attacking cellular phones through Bluetooth, it has been a continuous struggle to ensure data security and to fight off attacks.

Today's industry players believe that we are nowhere near the end of the virus problem, and possibly never will be. They expect it to become more of a problem, with viruses growing more advanced each passing day - the blended threat being one example.

SecureData (Pty) Ltd. -- South African distributor of Trend software -- says each new wave of technology disrupts security measures, and introduces new vulnerabilities. A more conservative and realistic view suggests that organizations must avoid the trap of believing that perfect security is attainable.

Says Bryce Thorrold, IT security consultant at AST: "We currently deal with two-fold attacks, through hackers being more experienced, as well as new devices on the market extending the network, and providing more access points for viruses. Virus attacks are not going to stop." He adds that attacks -- previously carried out by students or college geeks to show they can do it -- have now matured, and are done for financial gain, such as phishing attacks.

Added to this is the current trend of "mobile offices" and the increase in the number of virtual offices connected to companies' back-end infrastructures.

Spam and spyware

Most antivirus solution providers say that spam and spyware should be considered as a major threat, and stress that these should be closely considered when choosing an antivirus solution.

At the recent RSA Conference in San Francisco, spyware was claimed to be the most problematic security threat at the moment. According to IDC analyst Charles Kolodgy, spyware was just a nuisance a few years ago, but has quickly morphed into a real security risk.

Newcomer to the antivirus arena, Microsoft Corp., with its acquisitions of antivirus vendors GCAD (RAV), Giant Company Software, and, most recently, Sybari Software, agrees that spam is a major problem. Microsoft SA technology security manager, Colin Erasmus, says: "MSN Hotmail alone processes nearly 3bn spam messages a day. In addition to being an invasion of privacy, and a costly drain on time and resources, spam is a carrier of worms and viruses, making it a significant security threat."

The conclusion, then, is that spam and spyware currently need just as much attention as any other security threat, if not more.

It is clear that a multi-layered approach to protecting data, incorporating antivirus solutions, is the current trend, and this is believed to be the most effective way of protecting networks from malicious attacks.

Zandre Rudolph, a business security consultant at Rectron, says: "The integration and 'layering' of the various defense mechanisms not only provides added functionality, but also facilitates faster responses to threats. Most importantly, it plugs the security gaps left by disparate systems which are common on networks today."

He says integration is also a good deterrent against "blended" threats, which compromise and drain network resources.

Chris van Niekerk, regional director at McAfee Inc., says the company recommends traditional layered defenses in the form of intrusion prevention, firewalls and antivirus. "However, businesses also need to consider integrating antispyware into these defenses, to tackle the emerging and growing threat of spyware."

Erasmus agrees. "There is no 'silver bullet' -- only layered defense," he says, adding that the logic is that while no one layer can be the 'silver bullet' that prevents all attacks, any attack that does slip past one layer will be caught by subsequent layers of protection.

Zenzi Nzama, enterprise risk manager at arivia.com, adds that a comprehensive IT security policy, which identifies critical and sensitive data and its dependencies, offers the best defense against the new threat levels. Plugging the hole when it leaks is no longer good enough if the organization is to survive within the new connected market.

According to Brett Myroff, CEO of Sophos distributor NetXactics: "Centralized updates over multiplatform networks, whether they are a mix of Linux, Novell, Unix, Windows or DOS, will ensure speedier delivery of the update, regardless of the platform mix. Multiple updates for multiplatform networks, however, introduce added complexity in terms of managing a virus threat, as well as the speed with which it can be resolved."

Symantec Corp. regional director for Africa, Patrick Evans, believes a multivendor strategy is the most effective solution, but notes that companies need to understand their entire security environment first.

SecureData notes that an additional layer of protection can now be provided by placing the protection "on the wire" itself: integrated antivirus and anti-worm defenses on in-line hardware appliances and devices. These combine real-time protection against viruses and worms with the ability to quarantine outbreaks so as to minimize their impact, and to restrict network access while vulnerabilities are remediated or the outbreak is cleaned up.

Says Gordon Love, head of security services at Faritec: "Firewall and antivirus software at the PC level is not enough any more. What is needed now is a centralized security approach, incorporating multilayer defenses."

Deployment and maintenance

Evans continues: "A company's security is only as good as its deployment and maintenance of its antivirus strategy. A major problem is the fact that the products out there are not deployed and maintained, especially on 'zombie' machines that are not monitored, and which pose a huge internal threat. Another problem is that a vast majority of companies do not check outgoing e-mail for viruses."

Grayford Holton, MD of Holton and Associates, and local distributor of BitDefender products, adds: "The re-infection rate of computers in SA is alarming, because companies do not bother to check their outgoing e-mails for viruses, which means that the same virus just keeps on doing the rounds."

He says that although these viruses are picked up when trying to enter the network again, and mostly stopped, the problem remains the increased traffic on the network and the amount of time required to block them.
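The re-infection loop described above can be made concrete with a small model of a mail gateway's scan policy. The following is an added example written for this article, not code from any vendor quoted here. It assumes a constructed internal domain (`corp.example`) and partner domain (`partner.example`), and stands in for a real signature engine by matching the harmless EICAR test string. Comparing an inbound-only policy with scanning in both directions shows why the one-way policy keeps the worm circulating: the gateway handles twice the traffic, and every partner contact is infected, even though the scanner blocks the same number of messages in both runs.

```python
"""Constructed model of a mail gateway's scan policy: inbound-only scanning
versus scanning in both directions. Illustration only; not any vendor's code."""
from dataclasses import dataclass

# EICAR test string: the industry-standard, harmless pattern that scanners detect.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

INTERNAL_DOMAIN = "corp.example"    # constructed for this example
PARTNER_DOMAIN = "partner.example"  # constructed for this example


@dataclass
class Message:
    sender: str
    recipient: str
    body: str


@dataclass
class Gateway:
    """Mail gateway that decides per direction whether to scan a message."""
    scan_inbound: bool = True
    scan_outbound: bool = False
    handled: int = 0   # every message that crossed the gateway (traffic load)
    blocked: int = 0   # messages stopped by the scanner

    @staticmethod
    def direction(msg: Message) -> str:
        # Mail from an internal sender is outbound; everything else is inbound.
        return "outbound" if msg.sender.endswith("@" + INTERNAL_DOMAIN) else "inbound"

    @staticmethod
    def is_infected(msg: Message) -> bool:
        # Stand-in for a signature engine: match the EICAR test pattern.
        return EICAR in msg.body

    def handle(self, msg: Message) -> str:
        self.handled += 1
        scan = self.scan_inbound if self.direction(msg) == "inbound" else self.scan_outbound
        if scan and self.is_infected(msg):
            self.blocked += 1
            return "blocked"
        return "delivered"


def simulate(scan_outbound: bool, contacts: int = 3, rounds: int = 2) -> dict:
    """One infected internal PC mails the worm to its contacts every round; each
    contact that received it mails the worm back. Returns traffic and infection counts."""
    gw = Gateway(scan_inbound=True, scan_outbound=scan_outbound)
    internal_pc = f"pc1@{INTERNAL_DOMAIN}"
    infected_partners = set()
    for _ in range(rounds):
        # Outbound: the infected PC mails a worm copy to every contact.
        for i in range(contacts):
            rcpt = f"contact{i}@{PARTNER_DOMAIN}"
            if gw.handle(Message(internal_pc, rcpt, EICAR)) == "delivered":
                infected_partners.add(rcpt)
        # Inbound: every infected partner sends the worm back in.
        for partner in sorted(infected_partners):
            gw.handle(Message(partner, internal_pc, EICAR))
    return {
        "messages_handled": gw.handled,
        "blocked": gw.blocked,
        "partners_infected": len(infected_partners),
    }


if __name__ == "__main__":
    print("inbound-only scanning:", simulate(scan_outbound=False))
    print("scanning both ways:   ", simulate(scan_outbound=True))
```

With the defaults (three contacts, two rounds) the inbound-only gateway handles 12 messages, blocks 6 and leaves all three partners infected; scanning both directions handles 6 messages, blocks 6 and infects nobody. The blocked count is identical, which is exactly why an inbound-only log can look healthy while the organization is still the source of the outbreak.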

Evans adds: "The best way to mitigate an outbreak is to gather intelligence that is out there already, and build an early warning system."

Brett Salovy, GM of security solutions at Internet Solutions (IS), says: "Most companies and their IT managers know that they need a firewall, antivirus software, mail filtering software, and the like. Sadly, these are purchased and deployed with fairly little true planning, or understanding of the risk and risk mitigation that has been purchased."

Salovy says that companies need to first understand the value of the risk to the organization, then define a countermeasure policy, and only then deploy a solution that delivers on the policy definition, at a reasonable cost, with no or limited additional risk and inconvenience.

Says Gordon Love, head of security services at Faritec: "Companies should look at putting down a complete security strategy, and should have a more encompassing view of the organization, with a real-time snapshot look at security in order to establish an early warning system."

There is also general agreement that pro-activeness is the way to go in protecting one's network and systems against virus attacks. Basically this amounts to knowing what is coming, before it hits you.

Outsource or not?

There are still mixed feelings regarding whether companies should outsource security and antivirus protection. Some believe in a totally outsourced solution, which will free companies to focus on their core business. Others say that core security should stay in-house, while only noncore security actions should be outsourced.

According to Salovy, many companies are opting for outsourced network provision. He adds: "The provider should not, however, be expected to completely take over every aspect of your requirements. Business decisions should still be made by the organization itself. And the provider should be delivering on a specified procedure, which in turn is defined by the organization's policies. It is also a fact of modern outsourcing that many different levels of outsourcing can be designed -- all, part, hardware, software, networking, desktops, data center -- the mix of services can be tailored to meet the company's current needs, and changed over time."

The future

Looking to the future, Rudolph says most malware programs will follow the lead shown by "bot" programs in 2004, and employ ever more sophisticated versions of antivirus and antisecurity software.

"This will require the increasing use of system cleaning services to ease the impact on system security. What is more, the time between the discovery of a vulnerability and the first malware to exploit it will shorten significantly, requiring even higher levels of proactive assessment, and bringing the possibility of the antivirus vendors' 'Holy Grail' -- true proactivity -- a step closer," he adds.

Mobile viruses are deemed not to be a major threat at present, but many say that they will soon become one.

The general consensus is, however, that antivirus solution providers need to collaborate to diminish or eradicate security threats and risks, and to help ensure an overall secure business environment across all sectors and industries. Companies must also focus on analyzing their business needs, and truly understand the impact that a virus attack can have on their specific core business. They need to take a more pro-active, early-detection approach to antivirus and, coupled to this, keep their antivirus solutions updated and maintained on a regular basis, because the problem is only going to get worse.