Antivirus software plugs wormholes
Published: 02 Apr 2002 15:03 BST
Security company Network Associates unveiled on Monday new antivirus software designed around the principle "an ounce of prevention is worth a pound of cure."
The new program, called ThreatScan, is intended to add a proactive tool to the defensive technology now used by system administrators to protect their networks.
Current antivirus software scans for malicious code on potentially infected computers or in e-mail attachments, waiting until a virus or worm has already attacked a system to react to its presence. ThreatScan instead looks for the holes worms use to squirm past security and then alerts the network administrator of any that it finds.
As far as antivirus administrators are concerned, said Candace Worley, product manager for Network Associates' McAfee Security group, their job is on the line if there's a virus infection. "From (the administrator's) perspective, he needs to be more proactive about detecting vulnerabilities that could be exploited by those viruses," Worley said.
Last summer's Nimda and Code Red worms underscored the weakness in antivirus-software makers' vanilla virus scanners. The worms moved fast and had spread widely by the time most antivirus companies were able to update the signatures used to identify the rogue programs.
The worms also used well-known security holes to spread -- holes that vulnerability scanners help seek out and identify.
"We kept getting asked by the AV administrators, 'How do I know what I don't know?'" Worley said.
ThreatScan identifies all the computers and, in some cases, devices on a network and reports which ones are susceptible to a virus attack.
However, the new product is limited to scanning only for vulnerabilities that are used, or may soon be used, by worms. In addition, it requires another Network Associates product, ePolicy Orchestrator, designed to help system administrators remotely manage a company's network.
ThreatScan is based on an existing technology for pinpointing security holes. Networks Associates' Sniffer Technologies develops and sells a more general vulnerability scanner that can be used by network administrators to check for the types of holes that hackers could exploit.
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
18 out of 48 people found this useful
- Share this article:
