
End of traditional malware signatures

Security Summit 2009, 27 May 2009

Popular anti-virus solutions, with single-engine virus scanners, fail to detect Trojans, claims Jason Gottschalk, manager and IT advisory for KPMG.

Gottschalk discussed multi-engine virus scanners during the ITWeb Security Summit, in Midrand, this week.

He discussed the advantages of anti-virus solutions and their use in virus detection. He questioned whether this is the end of malware-rendered signatures, and stated that multi-engine virus scanners are more effective at detecting advanced malicious threats, but have the drawback of being performance-intensive.

“The possibility of detecting unknown viruses is increased with multi-engine virus scanners, as well as the elimination of false positives,” he noted.

An example of a multi-engine virus scanner is Threat Fire, which works by detecting malicious behaviour, such as capturing keystrokes or stealing data.

Gottschalk provided a demonstration showing that malware, in particular Trojans, still slips through the cracks in popular anti-virus software.

He pointed out that the business market is rapidly moving to mobile devices such as laptops, smartphones and BlackBerries, and that cyber criminals are starting to target these devices.

Sophisticated worms, such as the Conficker virus, are an example of where traditional anti-virus software fails and where multi-engine scanners, such as Threat Fire, step up to the challenge, he added.

“The Conficker virus is a worm that infects computers across a network by exploiting a vulnerability in the Windows server. It can spread via removable drives and weak administrator passwords. It disables several important system services and products.

“The biggest concern was that a lot of anti-virus solutions didn't pick up the Conficker virus. That's the real and virus vendors are playing on people's insecurities.”
