Why is a virus scanning program not enough?

On today's market, no single virus scanner is rated the fastest or most effective at identifying viruses, trojans and other dangerous threats. This article shows why running several virus scanning engines at the mail server is the most effective way to stop virus attacks and to catch the viruses that would otherwise slip through.

Introduction

An undeniable fact of IT life is that viruses, trojans, worms, spam and other kinds of malware are a standing threat to every business and organization. They attack systems, sabotage them, steal data and cause thousands of dollars of damage, hurting the productivity and operation of the business. According to the 2006 FBI/CSI Computer Crime and Security Survey, 97% of the organizations surveyed had installed at least one antivirus product, yet 65% of them had suffered at least one virus attack in the previous 12 months. Network World cited further research: Blaster, SoBig.F, Sober and other e-mail viruses cost US companies alone $3.5 billion. Likewise, a study conducted by the British government in 2006 found that 43% of UK companies had been hit by viruses in 2005.

Responsible organizations agree that the network must be protected against virus attacks by installing at least one e-mail security product. But malicious code grows more sophisticated every day, thanks to the skill of the people who write it. The destructive techniques of viruses stay one step ahead of the detection methods of the programs meant to kill them, and viruses slip through antivirus and firewall products even when those products are updated regularly. Their success comes from exploiting a combination of logic flaws and legacy weaknesses, gaps that a security posture built on a single antivirus program leaves open.

This article explains why the answer to the question 'Is one virus scanner enough to protect the internal network against viruses, worms and other threats?' is one short but definitive word: 'NO!'. It also examines the need to run several antivirus engines so that the response time when a new virus or variant appears is shortened, reducing the risk of a network attack. Running several engines also lets the administrator act as an independent expert, assessing the quality of each product for himself and choosing the one best suited to the network he manages.


Reaction time to new viruses must be shortened

One of the most important factors in protecting a network against viruses is how quickly the scanner's virus signature file is updated. Signature files are supplied by the antivirus vendor and contain the criteria by which a file is judged to be a virus. E-mail lets a virus spread around the world within hours, and a single e-mail virus is enough to compromise an entire network. The key factor is therefore that signature files must be updated quickly when a new virus appears. In every virus outbreak there is a gap between the moment the virus starts spreading and the moment the vendor ships the signature that lets the scanner detect and remove it. The faster the signature file is updated, the smaller the chance that the attack succeeds. A British government study in 2006 found that in 2005, although 100% of large UK companies used antivirus products, 43% of them were still hit by viruses, mostly because signatures for the new viruses arrived too slowly.

Every antivirus vendor claims its product has the fastest response time, but reality is less reassuring. Each vendor takes a different amount of time to release the update that removes a given virus or worm, and even the same vendor may take 6 hours for one virus and 18 hours for the next. The problem is complex enough that no security vendor holds the number one position for long. One vendor may be fastest for a while, but none stays there: this time it may be Kaspersky, next time McAfee, BitDefender or Norman.

The difference in time does not necessarily reflect the quality of the vendor's work. The first thing it reflects is the vendor's geographic location and time zone.

Several studies have measured how long it took antivirus vendors to release updates when new variants of the Sober worm appeared. The tables below show the timing:

Table 1 - Response time of antivirus vendors to the w32.Sober.C worm:

    Company               Time (hours)
    BitDefender                  10.5
    Kaspersky                    12.0
    F-Prot (Frisk)               12.5
    F-Secure                     13.0
    Norman                       15.5
    eSafe (Aladdin)              15.5
    TrendMicro                   17.0
    AVG (Grisoft)                17.5
    AntiVir (H+BEDV)             19.5
    Symantec                     25.0
    Avast! (Alwil)               31.0
    Sophos                       35.5
    Panda AV                     38.0
    McAfee / NAI                 49.0
    Ikarus                       56.5

Range: 10.5 to 56.5 hours. Median: 17.5 hours. Mean: 24.53 hours.
(Source: VirusBTN data, February 2004)

Table 2 - Response time of antivirus vendors to the w32.Sober.Y worm:

    Company               Time (hours)
    AntiVir                      11.5
    McAfee / NAI                 40.5
    Kaspersky                    43.0
    Norman                       60.0
    BitDefender                 114.5
    Symantec                    116.0
    ClamAV                      164.5
    TrendMicro                  168.0
    Panda                       168.0
    Sophos                      170.0

Range: 11.5 to 170 hours. Median: 115.75 hours. Mean: 105.6 hours.
(Source: av-Test.de data, November 2005)

As the tables show, vendors take hours or even days to release an update for a new virus. That is plenty of time for the virus to attack your network.
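The arithmetic behind the two tables, as an added example that is not part of the original article. It loads the figures quoted above, recomputes the summary lines, shows that the vendor that was first on Sober.C (BitDefender) dropped to fifth on Sober.Y, and computes the exposure window of a gateway that runs a set of engines in series: the worm is blocked as soon as the first engine in the set has a signature, so the window is the minimum over the set. The four-vendor combination is an arbitrary assumption chosen for illustration; vendors without a figure for an outbreak are skipped.

```python
"""Exposure-window arithmetic over the Sober.C / Sober.Y response times above."""
from statistics import mean, median

# Response times in hours, copied from Table 1 (VirusBTN, Feb 2004) and
# Table 2 (av-Test.de, Nov 2005) on this page.
SOBER_C = {
    "BitDefender": 10.5, "Kaspersky": 12.0, "F-Prot": 12.5, "F-Secure": 13.0,
    "Norman": 15.5, "eSafe": 15.5, "TrendMicro": 17.0, "AVG": 17.5,
    "AntiVir": 19.5, "Symantec": 25.0, "Avast": 31.0, "Sophos": 35.5,
    "Panda": 38.0, "McAfee": 49.0, "Ikarus": 56.5,
}
SOBER_Y = {
    "AntiVir": 11.5, "McAfee": 40.5, "Kaspersky": 43.0, "Norman": 60.0,
    "BitDefender": 114.5, "Symantec": 116.0, "ClamAV": 164.5,
    "TrendMicro": 168.0, "Panda": 168.0, "Sophos": 170.0,
}


def summarize(times):
    """Range, median and mean of a vendor -> hours table (the line under each table)."""
    vals = list(times.values())
    return {"min": min(vals), "max": max(vals),
            "median": median(vals), "mean": round(mean(vals), 2)}


def fastest(times):
    """Vendor with the shortest response time for this outbreak."""
    vendor = min(times, key=times.get)
    return vendor, times[vendor]


def rank_vendor(times, vendor):
    """1-based position of a vendor in the outbreak's response-time ordering."""
    ordered = sorted(times, key=times.get)
    return ordered.index(vendor) + 1


def exposure_window(times, engines):
    """Hours until the *first* of the chosen engines had a signature.

    A gateway running several engines blocks the worm as soon as any one of
    them updates, so the window is the minimum over the set. Engines with no
    published figure for this outbreak are skipped.
    """
    known = [times[e] for e in engines if e in times]
    if not known:
        raise ValueError("none of the chosen engines has a figure for this outbreak")
    return min(known)


if __name__ == "__main__":
    # Assumed combination, chosen for illustration only.
    combo = ["BitDefender", "Kaspersky", "Norman", "McAfee"]
    for name, table in (("Sober.C", SOBER_C), ("Sober.Y", SOBER_Y)):
        print(name, summarize(table), "fastest:", fastest(table))
        print("  BitDefender rank:", rank_vendor(table, "BitDefender"))
        print("  BitDefender alone: %.1f h, combo: %.1f h"
              % (table["BitDefender"], exposure_window(table, combo)))
```

Recomputing from the ten Sober.Y figures gives a median of 115.25 hours rather than the 115.75 quoted under Table 2; the mean of 105.6 hours and both Table 1 figures reproduce exactly. The point the numbers make is the one the text argues: picking the single vendor that won the last outbreak (BitDefender, 10.5 h on Sober.C) would have left a 114.5 h window on Sober.Y, while the four-engine set is bounded by whichever member happens to be fast this time.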

Several technologies must be combined

Every virus scanner is different; none is the best, and each has its own strengths and weaknesses. Antivirus products usually bundle several technologies into one package. The three most common are:

  1. Signature files, prepared and released regularly by the antivirus vendor, containing the detailed criteria by which a file is judged to be a virus. Updating the antivirus program means updating its signature files.
  2. Heuristic analysis: a method of identifying the hiding place, form and mechanism of viruses and other threats not yet covered by the signature file. It examines the properties and characteristics of a file and evaluates its attributes and flags against those typical of viruses. It can also catch variant viruses, which are highly resistant to signature-based detection.
  3. Sandboxing: suspicious code is isolated and executed on a virtual machine to determine whether it behaves maliciously.

Taken individually, each technology is effective, but none guarantees success against every virus. Combining two or three products is common practice because no single solution is best. The only effective way to reach the highest level of protection is to build defense in depth with multiple antivirus engines.

Use multiple antivirus engines

According to PC SecurityShield, more than 40 new viruses are created every day. In June 2006 Microsoft reported that one in every 300 computers was infected with malware. Bear in mind, too, that today's environment lets malware be written by many independent individuals, each with their own attack methods and strategies.

The first reason for running several antivirus engines is simple. No single virus scanner covers every function in every area of security, and no single scanner is the fastest, most effective and 'best' everywhere. If you currently use the program with the fastest average response time, good. But do not assume its reaction time will be the fastest for the next virus that appears. If your scanning engine is not the fastest to respond to a specific virus, or is not equipped with the necessary combination of technologies, your network can be attacked quickly and suffer heavy consequences: productivity losses, downtime, lost business opportunities and extra costs.

Furthermore, time and again, updates to a virus scanner turn out to be flawed, because vendors push updates out as fast as they can to keep up with new attacks. Relying on a single tool therefore often leads to failure, since a virus can find a way around the defective barrier of one product, whereas with several tools you have a backup.

A small caveat

Using several virus scanners is the safer and smarter approach, but it is important to understand what you actually have. Running five scanners does not give you five layers of protection; it gives you five chances to get the right answer. Each answer, figuratively speaking, is independent. It is like passing through five checkpoints at an airport, where each officer is responsible for inspecting one thing, organized in depth. That gives you the opportunity to catch the incident before it happens.

Continuous attacks undermine the effectiveness of protective barriers

Returning to the 2006 FBI/CSI report: 65% of companies were attacked at least once in the previous 12 months, causing losses to US organizations of nearly $16 million. It is likely that every participant in the study used a commercial antivirus product. Failures in network protection are commonly linked to reliance on a single antivirus tool.

Multiple layers are used in most other areas of security

It is hard to find an organization that relies on a single barrier or alarm system to protect all its valuable physical assets against threats such as theft, vandalism, fire or natural disaster. Instead, multi-layered protection is the norm, with components such as security fences, surveillance cameras, fire sprinkler systems and more, each with a backup in case it fails.

An organization's data, much of which is a precious asset, needs the same kind of diverse protection. That diversity can only come from several antivirus tools working together; so far there is no more reliable approach to choose from.

New models and new strategies

As noted above, a defense built on a single virus scanner does not protect the network effectively. You therefore need strategies that fit a multi-engine protection layer. Organizations need a layered scanning solution in which the engines' update cycles overlap, so that at least one engine always has the signature for a new virus. Using several scanners also means combining several detection technologies to fight every kind of threat, giving the network the highest level of protection.

Nothing is perfect, but running 4 or 5 virus scanning engines under a multi-engine manager such as GFI MailSecurity for Exchange/SMTP will protect your network effectively and safely, without having to trust a single vendor to respond quickly enough every time.

A little about GFI MailSecurity for Exchange/SMTP

GFI MailSecurity for Exchange/SMTP is an e-mail security solution that identifies vulnerabilities, analyzes threats and removes viruses, eliminating threats from e-mail before they can reach an organization's users. GFI MailSecurity scans all e-mail with several virus engines, including McAfee, BitDefender, Norman and AVG Anti-Virus. It also includes an attachment and content checking module that can quarantine dangerous items; an exploit shield that blocks viruses exploiting current, and possibly future, vulnerabilities (such as Nimda and Bugbear); an HTML sanitizer that strips scripts from HTML mail; and a Trojan & Executable Scanner that detects malicious executable files. For more information and a trial download of GFI MailSecurity for Exchange/SMTP, go to: http://www.gfi.com/adentry.asp?adv=25&loc=112

Update 26 May 2019