Content

AV management (2006)

There was a "significant increase" in the number of new malware specimens detected during 2005, according to newly published monitoring data from Panda Software. The study warns of a year-on-year surge of more than 240 percent in terms of malware volume, with more than 46,000 new threats, including viruses, worms, trojans and bots, detected last year.

Internet users were subjected to "vicious and varied" attacks in January, including a multi-wave attack of seven viral mutants and several devastating zero day assaults. According to a recent study from IT security firm Commtouch, which analyzed more than two billion messages from more than 130 countries, the year began with a veritable epidemic.

The viral rampage in January included 19 new, significant, email-born virus attacks, of which eight (42 percent) were graded "low intensity," seven (37 percent) "medium intensity" and four (21 percent) "massive." The report described it as "a rare phenomenon for a single month."

PandaLabs currently detects around 300 new malware variants a day. Extrapolating from this figure, by the end of this year the number of new variants detected could exceed 100,000, which is more than all the computer threats detected in the previous 20 years.

Putting this into perspective, however, it is worth remembering that the growing sophistication of malware code, which has come a long way in recent years, has been matched by a commensurate increase in the sophistication and capacity of the anti-virus systems we use to protect ourselves.

Today’s anti-virus technologies, if kept updated, have evolved to such an extent that they have almost become commodity systems that can be relied on to catch almost all the viruses that are in the wild at any time.

While there are still high-profile and dangerous zero day or even so-called zero hour attacks that are cause for legitimate worry, the very high effectiveness of today’s anti-virus systems means that firms should only really be vulnerable if they have misconfigured or failed to update these systems.

However, this process of correctly configuring and updating anti-virus systems across complex enterprise infrastructures is invariably a challenging task.

Enterprise administrators know only too well that keeping client-side anti-virus systems up-to-date and catching viruses on a single PC is a relatively simple matter. However, the goalposts move dramatically when it is necessary to deploy, configure, manage and update enterprise-class anti-virus offerings across multiple clients, and servers that are distributed across complex corporate IT infrastructures that incorporate local and wide area networks.

Given that we expect client-side anti-virus engines to catch malware, the challenge in these enterprise environments is to be able to easily control the deployment and management of the central security solutions.

Providing administrators with a pain-free way of distributing updates is particularly important. New viruses are proliferating, and the latest patches and signatures need to be rolled out across enterprise infrastructures at a rate that keeps pace with them.

But delivery of effective anti-virus protection for enterprises is not just about deployment and the subsequent updating of client-side software to corporate desktop PCs. Today’s enterprises are increasingly characterized by a multitude of client platforms, with PC desktops being augmented by mobile devices, such as smart phones and PDAs. To cope with this increased complexity, we need platform-agnostic server management tools.

It is important to remember that viruses are just one type of threat, so we were pleased to see that some of the offerings we tested incorporate extra functionality, such as spam filters, pop-up stoppers and web filtering.

We have assembled a comprehensive range from the leading anti-virus products available in today’s market. During our testing, we began by checking the capacity of these respective offerings to cope with basic tasks, such as downloading and deploying virus signature updates.

We then extended our analysis to assess any extended functions, such as reporting ability and the quality of any log files generated.

One of the main differentiators we found was the quality of the respective management interfaces. For IT security administrators charged with managing complex, heterogeneous corporate networks, the importance of clear navigation, ease of deployment, simple distribution of signature updates and logical configuration options can hardly be overstated.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.