To be truly protected against all virus outbreaks, you need multiple engines with the right mix of capabilities, argues David Vella.
It is a well-known fact that viruses, Trojan horses, worms, spam, and other forms of malware present a real threat to all modern-day organisations and affect productivity and business operations negatively. According to the 2006 FBI Crime and Security Survey, 97 per cent of organisations have anti-virus software installed, yet 65 per cent have been affected by a virus attack at least once during the previous 12 months.
- The need to have a fast response time
One of the most important factors in the successful protection of your network against viruses is how fast you get new virus engine signature files - those files released by anti-virus labs that help to identify a virus when there is an outbreak.
Email allows viruses to be spread at lightning speed in a matter of hours, and a single email virus is enough to infect your whole network.
A critical factor, then, is how fast the signature files of your anti-virus solution are updated when a new virus emerges. In every virus attack there is a time differential between the outbreak of the new virus and the release of signatures to defeat and eliminate it. The faster a signature file is created, the lower the chance of an infection.
Every anti-virus vendor in the market claims to have a fast response time. The reality is less reassuring: anti-virus labs produce updates for virus and worm outbreaks at different intervals, and no one company will always be the first and fastest to respond to a particular virus outbreak. Granted, some companies may be faster on more occasions, but it is never the same company that delivers protection first every time.
- The case for multiple anti-virus engines
The argument in favour of using multiple anti-virus engines is straightforward. It is predicated on the simple reality that there is no single anti-virus engine that is fastest, most effective and "the best" all the time. If you have an engine with the fastest average response time, then that is all you have. The clue is in the word "average".
It doesn't mean that it will be the fastest for the next virus outbreak. The results of an infection and effective "crash" of your organisation's system can include lost productivity, lost business, downtime and increased business costs.
Furthermore, from time to time, erroneous anti-virus engine updates might slip through, since anti-virus vendors are constantly trying to release updates as quickly as possible to combat an outbreak.
Relying on a single anti-virus engine fails in such an event, because viruses might bypass the one engine whose update is erroneous, whereas with multiple anti-virus engines the others provide a backup.
- A new paradigm and strategy
Since single-engine scanning defences are insufficient for the protection of your network, logic dictates a different strategy. Organisations need to implement a layered scanning solution that combines multiple engines to greatly increase the chances of having at least one of those virus engines updated on time. Multiple virus engines might also result in the right mix of technological capabilities for any particular threat, thus increasing the chances of your network being protected.
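The "average" argument and the erroneous-update case can be put into numbers. The sketch below is an added example, not part of the original article; the engine names, response times and the faulty update are constructed sample data. It compares the exposure window per outbreak for the engine with the best average against a layered set of engines.

```python
import math

# Constructed sample: hours from outbreak start to signature release,
# one column per outbreak. Engine names and figures are hypothetical.
DELAYS = {
    "engine_a": [2, 3, 10, 2, 3],
    "engine_b": [6, 1, 4, 7, 5],
    "engine_c": [5, 8, 3, 9, 1],
}
# (engine, outbreak index) pairs where the shipped update was erroneous,
# so that engine gave no protection for that outbreak.
FAULTY = {("engine_a", 3)}


def best_average_engine(delays):
    """Engine with the lowest mean response time."""
    return min(delays, key=lambda e: sum(delays[e]) / len(delays[e]))


def effective_delay(delays, engine, outbreak, faulty=frozenset()):
    """Response time in hours, or infinity if that update was erroneous."""
    if (engine, outbreak) in faulty:
        return math.inf
    return delays[engine][outbreak]


def exposure_windows(delays, engines, faulty=frozenset()):
    """Per outbreak: hours until the first engine in the set has a working signature."""
    n = len(next(iter(delays.values())))
    return [min(effective_delay(delays, e, i, faulty) for e in engines)
            for i in range(n)]


def first_responders(delays, faulty=frozenset()):
    """Per outbreak: the engine that offered working protection first."""
    n = len(next(iter(delays.values())))
    return [min(delays, key=lambda e: effective_delay(delays, e, i, faulty))
            for i in range(n)]


if __name__ == "__main__":
    best = best_average_engine(DELAYS)
    print("best average engine:", best)
    print("single engine exposure :", exposure_windows(DELAYS, [best], FAULTY))
    print("layered engine exposure:", exposure_windows(DELAYS, list(DELAYS), FAULTY))
    print("first responder        :", first_responders(DELAYS, FAULTY))
```

With this data the engine with the best average is first on only two of five outbreaks, and on the outbreak where its update is faulty the layered set still closes the window while the single engine never does.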