BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Security

Security management Toolkit

Protect your network: Antivirus software is not enough

Tags:
Firewall,
Antivirus,
Network Protection

Toni Bowers Tech Republic

Published: 29 Jan 2004 15:05 GMT

When the Blaster, MS/SQL, and Sobig worms made their appearance on the scene in 2003, one thing became clear: none of the worms was initially stopped with antivirus software.

According to a report issued in January 2004 by the Aberdeen Group: "The Internet worms of 2003 took advantage of common network channels and system vulnerabilities to deposit executable payloads on unprotected PCs and PC servers. These worms were able to gain access to resources on the local corporate network to subsequently infect other PCs and PC servers throughout the network."

So what does this say about the efficacy of antivirus software? Can it help fight the newer strains of viruses?

John Verry, a consultant for the security firm of CQUR IT, told TechRepublic that "antivirus software by its very nature [signature-based detection] is a reactionary technology. Accordingly, any worm with the ability to replicate with the speed and efficiency of an MS/SQL will render antivirus ineffective to block the initial outbreak."

Verry doesn't believe the problem is with antivirus software, however, as much as it is with the Internet community's inability to develop less vulnerable software and for the end user community's reluctance to rapidly patch vulnerabilities as they are discovered. (For more information on improving your patching practices, read "Quickly deploy Microsoft security patches with KiXtart login scripts" (free registration required)). He said, "AV is still a critical piece of a well-layered security infrastructure and brings significant benefit relating to these worms as it prevents reinfection and is often the tool of choice for removing them."

He added that the most effective way to prevent business disruptions from these newer worm variations "is to add ongoing vulnerability assessments and diligent patch management practices to existing security efforts."

The Aberdeen group agrees that AV software is still effective as long as it's part of a combination package; the challenge for buyers and suppliers in 2004 will be a package that delivers antivirus, PC firewalls and antispyware. The PC firewall can "prevent inbound payloads from landing and sending unauthorised outbound communications to unknown locations."

1 2

Did you find this article useful?
183 out of 314 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

network protection
Firewall

Antivirus

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video

Install Flash Player plugin

Find out more: Microsoft exec outlines...

All videos
Most popular videos
Latest videos

Featured Talkback

In association with Network Liberation Movement

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.