Johannesburg, 07 May 2007
Predictions by some analysts that anti-virus solutions (AVS) as we know them, are dead in the wake of Microsoft launching its Forefront Client Security product last week are premature, says Mathew Lodge, Symantec's director of product marketing for EMEA.
"We are trying to deal with the world the way it is, not the way we would like it to be," Lodge says. "Yes, Microsoft is more secure, but even they say you still need security."
AVS today take the basics for granted, says Lodge, such as firewalls and signature analysis. But attackers, too, take these measures as a given. As a result, they've changed their tack. "Zero-day attack has been a theory for the last few years," he says. In the second half of 2006, 12 such attacks were detected, up from the zero recorded in the previous semester.
Another new menace is polymorphic malware that, as the name suggests, constantly mutates to change its signature, traditionally the means used by AVS to detect malware. Lodge says Symantec now counters these by looking at behaviour. "We look at what the software is doing. If MS Word suddenly starts sending e-mail, it is probably malware."
Lodge says new-generation AVS root out malware by looking at the network connections it seeks to make and the use of system memory. This also allows such AVS to hunt down root kits that seek to hide from scanning tools in the operating system, and deliberately remove themselves from inventories.
Lodge says another green field for malware enthusiasts is Web-based services. As Java script becomes more powerful, the likelihood increases of malware running on Web pages rather than machines, in that way bypassing most AVS.
Briefly looking at organised crime, which he describes as a "business like any other", Lodge says gangs are starting to move into the IT industry, recruiting programmers to write malware. He notes that cases of "virtual identity theft" have been recorded, as a lucrative online games environment spawns profitable opportunities for the ethically lax entrepreneur.
Already, the price for an identity in World of Warcraft with one month's experience and weaponry fetches $10, $3 more than the average price for a stolen credit-card number with verification digits.
On Microsoft's new offering, Symantec is diplomatic. "Microsoft has done a good job helping raise awareness around the need for better end-point security, and we applaud them for illustrating the importance of ease-of-use," the company says. "Security and simplicity must go hand-in-hand if vendors are to protect customers from today's evolving threat landscape. Security also requires the technology, information and experience necessary to provide customers a higher level of protection.
"Symantec has been delivering on these needs for more than 15 years, as evidenced by 31 consecutive Virus Bulletin 100 awards," the company adds. "Does Forefront Client Security do the same? From what Microsoft has said publicly, Forefront Client Security is based on the same anti-virus and anti-spyware technology as its OneCare product. OneCare has failed multiple third-party anti-virus tests, including the latest Virus Bulletin, which is widely considered the benchmark test for AV engines."
Related stories:
iPod concept virus discovered
Fortinet reveals March threats
Kaspersky earns Five-Star anti-virus review award
Panda Software protects users of new Windows Vista operating system
Share