Late summer brought a rude awakening for those network managers who felt secure in their virus-containment strategies. W32/Blaster, W32/Welchia and Sobig.F waltzed through the Internet in rapid succession, leaving billions of dollars in damage in their wake. These worms employed blended threats: combinations of attack mechanisms, such as social engineering and network communication strikes. The authors of these threats got around conventional antivirus (AV) defenses and left many security teams swamped by infections, patches and disinfections. At about the same time, the CCIA (Computer & Communications Industry Association) and Gartner declared that reliance on the Microsoft "monoculture" would make it far too easy for virus writers to cripple the Internet infrastructure, adding to enterprise unease (see the CCIA's report).

Given this sad state of affairs, we'll admit that we set out to test AV devices hoping to find a silver bullet. Alas, though many vendors have made progress, we didn't find anything that would prevent folks from getting hammered again next time a new attack comes down the pike. Why? Because the industry is still in a reactive rather than proactive mode. It would take a virus or worm with a particularly destructive payload putting thousands of companies out of business to motivate the industry to solve the root problem: anonymity.

Against this ominous backdrop, we set out to see which antivirus products could best fend off the new generation of network worm and virus attacks. Our two key questions: Have AV vendors been able to put together products and strategies that can defend against worms and blended threats as well as traditional viruses? And is there any way to defend networks during the window of vulnerability that exists for all AV products because of their reliance on purely reactive signature-scanning technology?

Computer Associates, F-Secure, Network Associates, Sophos, Symantec and Trend Micro all responded to our invitation. Panda Software and Global Hauri both expressed an interest in participating, but were unable to get their products to us in time.
