Anti-Virus Software: Is the Cure Worse Than the Disease?
Is desktop anti-virus software headed for irrelevancy , or is it on track to endure as a security measure? That question has surfaced repeatedly in recent years. Various disenchanted users have reported for some time that they forgo anti-virus software, preferring to rely on their own security moxie. In 2006, consulting firm Hurwitz & Associates launched an "anti-virus is dead" campaign, contending that signature-based technologies can't provide adequate virus protection.
But arguments for anti-virus technology suggest that many users lack the security savvy to do without desktop protection. Security vendors, for their part, believe technology improvements equip them to deal with evolving threats. Symantec Corp ., for example, has embedded behavior-based scanning technology into recent products, which the company says helps protect against zero-day attacks .
More Harm Than Help
That said, some industry executives view anti-virus technology with a degree of skepticism.
"The problem is that many of the AV (anti-virus) products have crossed over into being bigger problems for the users than the viruses they protect against, often screwing up how legitimate products work," said Rob Enderle, principal analyst at Enderle Group. "And they can be almost impossible to uninstall without experiencing major problems."
Enderle also noted that anti-virus wares generally appear unable to keep pace with the increase in polymorphic viruses, which he described as viruses that are "different on almost every machine they touch."
David Lawson, director of risk management at Acumen Solutions Inc., a business and technology consultancy, said he stopped using anti-virus on many of his computers about 18 months ago. Initially, he disabled anti-virus to conduct malicious code experimentation on a subnet with three computers. He expanded the approach to more machines as anti-virus subscriptions expired. Lawson said he's encountered no problems with his computers since going without anti-virus software, and that he believes ISP scanning and corporate border scanning have kept trouble at bay.
But Should Enterprises Drop Desktop Anti-Virus Software?
Lawson said that organizations should consider the cost of software in terms of both licensing fees and employee productivity. If the dollar or productivity impact proves unfavorable, "there's a strong case to be made for pulling [anti-virus] off the desktop and going with border scanning and infrastructure based scanning," he said.
Liability Worries
But as for actual practice, Lawson said that he's not aware of any examples of companies that have disabled desktop anti-virus software. IT managers might think such a move possible but may be unwilling "to accept the liability of recommending it," he said.
George Myers, director of product management for Symantec's endpoint security group, said that he doesn't see anti-virus deserting the desktop. "Our view right now is that [anti-virus] will remain at the desktop as well," Myers said. He explained that endpoint security remains essential in light of mobile users and the blurring of the enterprise perimeter . Employees or contractors who bring laptops into an organization can introduce infections within the perimeter. Myers identified the remedy as a layered security approach deployed at multiple points throughout the network infrastructure.
"Laptops, and mobile devices are constantly being connected and disconnected from a company's network as workers travel in and out of the office and connect to network resources from remote locations," Myers said. "This dynamic perimeter demands the use of comprehensive security technologies to protect the information that resides on these machines."
Jon Oltsik, senior analyst for information security at Enterprise Strategy Group, also sees anti-virus in the context of layered defense. "The whole notion that AV becomes irrelevant is misguided in my opinion," he said. Oltsik said that attackers have devised ways around anti-virus, but he noted that there are "still plenty of garden-variety attacks where AV is useful."
Beyond Signatures
But anti-virus vendors aim to push their products beyond the traditional threats. Products over the years have relied on signature-based detection of viruses. But signatures are only effective against known exploits. Rapidly mutating malware can outstrip the anti-virus vendors' ability to write signatures.
"Many systems still use a signature-based system as the sole method of detecting malicious code, which is becoming less and less effective all of the time," said Kevin Prince, chief security officer at Perimeter eSecurity, a managed network-security services company.
Myers acknowledged the changing threat landscape, noting that signatures aren't 100 percent effective against many different types of threats. Symantec's response has been to use a combination of signature-based and behavior-based technologies in its products. Behavior-based technologies examine behaviors of an application and may block executables from running based on the examination of those behaviors.
Symantec introduced behavior-based scanning to its anti-virus offerings in the late 1990s. The company's Symantec Endpoint Protection 11.0 product line, which became available in September 2007, includes TruScan behavior-based technology, which stems from Symantec's acquisition of Whole Security in 2005. Symantec Endpoint Protection also includes Generic Exploit Blocking, which Symantec says employs a single signature to block all exploits targeting a specific vulnerability.
So Is Anti-Virus on the Way Out or a Technology with a Future?
Prince said the answer to that question may depend on the user's perspective. "I have seen many experienced users, what I will call ‘power users' not use anti-virus software for years," he said. Prince said those users can identify email that could contain viruses, are conscious about the media they connect or use in their systems, and know how to configure browsers to not download malicious content off the Web.
But for other users, desktop protection will remain important, Prince suggested. Today's protection suites perform not only anti-virus chores, but also provide other features such as anti-spam , firewall , intrusion detection and intrusion prevention . Prince said, "A less sophisticated user that disables this package would certainly be putting themselves at risk."
Any operational business model relies heavily on IT support and the help desk to achieve maximum uptime for all IT systems. This white paper addresses ways for help desk analysts and IT support staff to easily and efficiently handle their workload by simplifying and automating processes to increase time and operational cost savings, enhance productivity, and boost customer satisfaction. more
