Tuesday, May 25, 2010

Guest Post - Ricky Peterson - Antivirus

Ricky Peterson was a Spring Research Analyst at Fortalice® LLC and is a student at Immaculata University.


TEASER/TITLE: Viruses, the unseen foe  

SUMMARY PARAGRAPH: The development of antivirus software has increased dramatically in the past few years. It is, however, not a sure bet. Statistics show that antivirus only catches half of malware threats and misses 15 percent altogether. There are also many misconceptions about how to protect yourself better. New technologies are being created that will decrease the threat of malware significantly. While this technology is only in its infancy, there are several things one can do to protect against this relentless foe.

KEY FINDINGS

The economic damage caused by malware is substantial, estimated in the billions, and is growing by 30 to 40 percent a year.
Multiple antivirus programs may cause more harm than good.
  They compete with each other.
The number of malicious programs is increasing every year.
  The rate at which malicious programs multiply and infect systems is astounding.
  Antivirus companies cannot create solutions fast enough to keep up.
Resource management is a big problem with antivirus programs.
  Quick-scanning programs more often than not miss the infection.
  The more meticulous the scanning, the more the program hogs resources.

BACKGROUND

Antivirus software is a multibillion-dollar industry. There are big-name companies such as Symantec and McAfee, and there are smaller ones like GriSoft, the makers of AVG. This industry is big, and rightfully so. The people and groups of coders who use their skills for malicious intent number in the thousands. The intent behind malware is thought to be mainly monetary. While some do it for the thrill or to make a name for themselves, the number is relatively small. Most malware is created for the sole purpose of making money illegally. This is done by stealing account logins and passwords, PIN numbers, and credit card information, or by creating zombie computers to cause a denial-of-service attack and then demanding money to restore service. Antivirus software is not foolproof. Most companies cannot guarantee a successful detection rate of more than 90 percent. This should not, however, discourage people from investing in a good antivirus program. Some protection is better than none. While there are new technologies being researched to stop malware, they are still a few years off.

STRATEGIC PLANNING ASSUMPTIONS:

Security by Virtualization
  Let the viruses in, then contain them.

ANALYSIS:

Malware is a constant threat to companies and home users alike. While no antivirus, as of now, is perfect, it is wise to invest in one. Most antivirus software stops at least 54 percent outright, and finds an additional 23 percent in subsequent scans. Running multiple antivirus applications on the same system is generally not a good idea. The programs tend to compete with each other, and this causes both to operate inefficiently. The better choice is to choose one software package. When choosing one, make sure that it covers everything, not just viruses. Malware comes in all shapes and forms, and some programs are not built to look for all of them. A good choice would be a total protection suite, such as Symantec’s Norton 360. Other tools that clean the registry and look for spyware are also good investments. An example of each would be Acelogix’s Ace Utilities and Lavasoft’s Ad-Aware, respectively. Programs such as these usually do not interfere with the antivirus software, and offer additional protection. Companies or institutions may also consider a dedicated firewall server that has no other function than to stop intrusions and viruses. Some technology that may be viable in the near future is “Security by Virtualization.” This new system is special in that not only does it protect from viruses, but it is also one of the first to protect users from intellectual property theft, cyber crime, and cyber terrorism. The system works by creating a virtual computer for every program, and all its associated files, that runs on the system. When a malicious piece of software comes in, a virtual computer is created for it as well. The virus is then allowed to run its course and think it’s causing harm, when in reality it is isolated from all other functions on the system. It is therefore rendered harmless, as it cannot gain access to any other files or programs.

IMPLICATIONS:

Antivirus software is shaky at best, but is much better than nothing.
Cyber criminals are getting smarter and faster.
  Antivirus is struggling to keep up.
Antivirus software is only as good as its support crew.
Virtualization seems to be the direction virus protection is going in.
Everyone is susceptible to viruses.
  From home users to the government.



RECOMMENDATIONS:

When purchasing virus protection, make sure to get a program suite (Norton 360) so that you cover all your bases.
Supplement your virus protection with additional cleaners and spyware software.
  Ace Utilities
  Ad-Aware
When purchasing antivirus software, more is not always better.
  Multiple antivirus programs running at once tend to compete with each other.
Remember software is not a cure-all.
  Take steps to ensure employees are not visiting sites or doing things that invite malicious software.
Look for low-profile antivirus.
  This type of software does not hog computing resources while still keeping viruses out.
Consider investing in a firewall server that stands between your network and potential threats.

SOURCES:

Viruslist.com, The contemporary antivirus industry and its problems, Eugene Kaspersky, Nov 2005
Darkreading.com, Study: Antivirus Software Catches About Half Of Malware, Misses 15 Percent Altogether, Kelly Jackson Higgins, May 2009
Israel21c.org, A new Israeli approach to computer viruses - let the worms in!, Nicky Blackburn, September 2004
Symantec, General information

The technology described in the 2004 article is still being researched today.

The problems posed in the 2005 article are still relevant.
