
Anti-virus software: Setting new standards in sophistication

Johannesburg, 18 Mar 2005

Spurred on by new - and ever-present - security threats on the Internet, the anti-virus software market is breaking new ground in terms of sophistication to counter them.

This is the view of Zandre Rudolph, a business security consultant at Rectron. He says anti-virus software vendors have been able to come to terms with the fast pace of change in this sector through greater emphasis on new technologies, R&D and "old-fashioned" vigilance.

"Anti-virus software vendors are now on top of most of the virus writers' moves and are able to counter new spyware, spam, trojans, "bot" programs and adware threats almost as fast as they are discovered," he says.

"It's not surprising to learn that hundreds of new virus strains appear every month. Currently among the most malicious are the Nachla worm, all the Netsky variants and the Byteva A virus.

"Viruses such as these resulted in a staggering three million major corporate infestations worldwide each month in 2004. This mark will be exceeded in 2005 by a considerable margin."

Rudolph says the latest software offerings from companies such as Symantec now combine firewall, intrusion detection and gateway anti-virus protection in one integrated solution.

"The integration and 'layering' of the various defence mechanisms not only provides added functionality but also facilitates faster responses to threats. Most importantly, it plugs the security gaps left by disparate systems which are common on networks today.

"Many network platforms employ, for example, firewall solutions from one vendor, spyware detection from another and anti-virus software from yet a third supplier."

He says integration is also a good deterrent against "blended" threats, which compromise and considerably drain network resources.

"Blended threats combine the characteristics of viruses, worms, trojans and malicious code with server and Internet vulnerabilities to initiate, transmit and spread attacks at the fastest pace.

"By using multiple replication methods and techniques, blended threats can rapidly spread and cause widespread damage," he warns.

Characteristics of blended threats include broad-based denial-of-service attacks, the critical disablement of Web servers, and the placement of multiple trojan programs.

"Blended threats propagate in many ways," he explains. "They scan for vulnerabilities to compromise a system and then embed code in HTML files on the server, infecting visitors to the Web site or sending unauthorised e-mail from the server with worm attachments.

"They also launch attacks from multiple points, injecting malicious code into the .exe files on a system, raising the privilege level of the guest account, creating world read and writeable network shares, making numerous registry changes, and adding script code into HTML files."

Rudolph adds that blended threats, like many viruses, are capable of spreading without human intervention by taking advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorised access.
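The indicators Rudolph lists (script code added to HTML files, world read and writeable shares, a guest account with raised privileges) are the kind of thing a defender can check for directly. The following is an added example, not code from the article, Rectron or any vendor named in it: a small triage script that runs three such checks over constructed sample data. The `Share` and `Account` records, the `SAMPLE_*` inputs and the function names are all assumptions made for this example and stand in for what a real inventory or file-integrity tool would export.

```python
"""Added example, not from the article or from Rectron/Symantec: a small triage
check for three of the blended-threat indicators listed above (script code
injected into HTML files, world read/writable network shares, and a guest
account raised to a privileged group). Every input below is constructed sample
data; the Share/Account records stand in for what an inventory tool would export."""
import re
import stat
from dataclasses import dataclass, field

# Constructed sample HTML files keyed by name. The second file has a <script>
# tag appended after the closing </html>, which authored markup would not have.
SAMPLE_HTML = {
    "index.html": "<html><body><h1>Welcome</h1></body></html>\n",
    "news.html": (
        "<html><body><p>News</p></body></html>\n"
        '<script src="http://example.invalid/x.js"></script>\n'
    ),
}


@dataclass
class Share:
    name: str
    mode: int  # POSIX permission bits used here as a stand-in for share ACLs


@dataclass
class Account:
    name: str
    groups: list = field(default_factory=list)


# Constructed inventory: one share is world-writable, and the guest account has
# been added to Administrators.
SAMPLE_SHARES = [Share("public", 0o755), Share("drop", 0o777)]
SAMPLE_ACCOUNTS = [
    Account("guest", ["Guests", "Administrators"]),
    Account("svc_backup", ["Backup Operators"]),
]

_CLOSING_HTML = re.compile(r"</html\s*>", re.IGNORECASE)
_SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def find_injected_scripts(files):
    """Return names of HTML files that carry a <script> tag after </html>."""
    hits = []
    for name, content in files.items():
        closes = list(_CLOSING_HTML.finditer(content))
        if not closes:
            continue  # no closing tag: nothing to anchor the check on
        trailing = content[closes[-1].end():]
        if _SCRIPT_TAG.search(trailing):
            hits.append(name)
    return hits


def find_world_writable_shares(shares):
    """Return names of shares whose mode grants write access to 'other'."""
    return [s.name for s in shares if s.mode & stat.S_IWOTH]


def find_elevated_guests(accounts, privileged=("Administrators",)):
    """Return guest-style accounts that are members of a privileged group."""
    priv = set(privileged)
    return [
        a.name for a in accounts
        if a.name.lower().startswith("guest") and priv.intersection(a.groups)
    ]


def triage(files, shares, accounts):
    """Run all three checks and return a dict of findings per indicator."""
    return {
        "injected_scripts": find_injected_scripts(files),
        "world_writable_shares": find_world_writable_shares(shares),
        "elevated_guests": find_elevated_guests(accounts),
    }


if __name__ == "__main__":
    for indicator, items in triage(SAMPLE_HTML, SAMPLE_SHARES, SAMPLE_ACCOUNTS).items():
        print(f"{indicator}: {items or 'none'}")
```

The HTML check only catches the crude "append after `</html>`" pattern; in practice it is better paired with a baseline of known-good file hashes so that any change to a served page, not just a trailing script tag, is surfaced. The share and account checks are deliberately simple because the point is that these are inventory questions an integrated monitoring layer can answer continuously rather than after an outbreak.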

Looking to the future, Rudolph says most malware programs will follow the lead shown by "bot" programs in 2004 and employ ever more sophisticated versions of anti-anti-virus and anti-security software.

"This will require the increasing use of system cleaning services to ease the impact on system security. What's more, the time between the discovery of a vulnerability and the first malware to exploit it will shorten significantly.

"This will require even higher levels of proactive assessment, bringing the possibility of the anti-virus vendors' 'Holy Grail' - true proactivity - a step closer," he adds.


Editorial contacts

Mary Siemers
HMC Seswa Corporate Communications
(011) 704 6618
Mary@hmcseswa.co.za

Zandré Rudolph
Rectron Holdings
(011) 203 1000
Zandrer@rectron.co.za