When a new malicious program is released, traditional signature-based antivirus systems give the virus author a 6-24 hour head start before the virus shields are up to date.
Why? Because most traditional antivirus systems rely on updated signature files, and the average release delay is 6-24 hours from the moment a new virus is sent out.
Most corporations find this insufficient, as it leaves their network vulnerable and unprotected until they can get hold of the required signature files and restore their virus protection.
How does malware propagate?
Malicious software spreads by being transported from one system to another. There are many transport mechanisms:
- Web pages
- Instant Messaging systems
- CDs
- Diskettes
- USB memory sticks
- Cell phones
- Bluetooth devices
- Infrared devices
- Wireless devices
In essence - anything that can be used to transfer information to a device is a potential carrier of malware. The challenge is to stay protected against all the threats, from all the possible channels of distribution, simultaneously and all the time. To accomplish this, a holistic approach to antivirus infrastructure is needed. The infrastructure consists not only of software solutions but also of processes and procedures to keep systems updated, plus user policies (sets of rules) that avoid exposing systems unnecessarily to threats.
Actions to secure the environment
The first activity entails establishing an overview:
- What needs protecting? (Based on expense/use-value assessment.)
Then we need to establish:
- How well should it be protected? (Same model as above.)
Then we can start on finding the right tools for the job and plan processes and procedures for updates plus establishing antivirus related security policies (security rules).
As we establish an overview of threats, we soon see that there is a wide spectrum of threats to take into account, and that they use virtually all possible paths to servers and PCs for distribution.
Releases of signature files are too slow!
If we look back some 10-15 years, it could take weeks from the release of a new virus until it reached a critical mass of users. Five years ago this was reduced to days. These days a virus needs only seconds to move all around the world over the Internet.
When we take into account that antivirus vendors release new virus signature files on a daily basis, we see that there are still some periods where we are unprotected.
If we move on to review the distribution pattern for new viruses, it does not help give the Chief Executive Officer peace of mind. A significant part of the distribution takes place in the first days and then tails off. The reason it tails off is that organisations get their virus protection updated, which slows down further distribution. Simply put: virus protection works as intended and is effective, assuming it is kept updated. A challenge still exists: being protected against threats in the critical period from a new virus emerging until new signature files are available and distributed to all systems.
This challenge has proven the hardest and most complicated to address in a satisfactory way.
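The two gaps the article describes, the vendor's release delay and the further lag until every system has applied the new signature file, are easiest to reason about when measured per endpoint. The Python below is an added example, not code from the article or any antivirus product; the endpoint names, signature version numbers, release times and the threat sighting time are all constructed, and the record layout is a hypothetical one that an inventory or management console might provide. It flags endpoints whose signatures are stale (the "processes and procedures to keep systems updated" check) and computes, for one new threat, how long each endpoint stayed exposed before it ran a signature set that covers it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Endpoint:
    """One managed system and the signature set it currently runs (hypothetical record layout)."""
    name: str
    signature_version: int      # version number of the installed signature set
    last_update: datetime       # when that version was applied on the endpoint


# Constructed sample data: when the (hypothetical) vendor published each signature version.
SIGNATURE_RELEASES = {
    100: datetime(2024, 5, 1, 8, 0),
    101: datetime(2024, 5, 2, 8, 0),
    102: datetime(2024, 5, 3, 8, 0),
}

# Constructed sample inventory: three endpoints at different update levels.
ENDPOINTS = [
    Endpoint("ws-01", 102, datetime(2024, 5, 3, 9, 30)),
    Endpoint("ws-02", 101, datetime(2024, 5, 2, 10, 0)),
    Endpoint("srv-01", 100, datetime(2024, 5, 1, 8, 30)),
]


def stale_endpoints(endpoints, latest_version, now, max_age):
    """Names of endpoints that are behind the latest signature version or have
    not applied any update within max_age: the update-process check the
    article calls for."""
    stale = []
    for ep in endpoints:
        behind = ep.signature_version < latest_version
        too_old = now - ep.last_update > max_age
        if behind or too_old:
            stale.append(ep.name)
    return stale


def vendor_delay_hours(first_seen, covering_version):
    """Hours from the first sighting of a threat until the vendor shipped the
    signature version that detects it (the 6-24 hour window in the article)."""
    return (SIGNATURE_RELEASES[covering_version] - first_seen).total_seconds() / 3600.0


def exposure_hours(first_seen, covering_version, endpoint):
    """Hours between the first sighting of a threat and the moment this
    endpoint ran a signature set that detects it.  Returns None while the
    endpoint still runs an older version, i.e. it is still exposed.
    Assumption: the record only shows the current version, so coverage is
    counted from the moment that version was applied."""
    if endpoint.signature_version < covering_version:
        return None
    covered_at = max(endpoint.last_update, first_seen)
    return (covered_at - first_seen).total_seconds() / 3600.0


def exposure_report(endpoints, first_seen, covering_version):
    """Per-endpoint exposure window (hours, or None if still exposed) for one threat."""
    return {ep.name: exposure_hours(first_seen, covering_version, ep) for ep in endpoints}


def demo():
    """Run the checks over the constructed data and return the results."""
    now = datetime(2024, 5, 3, 12, 0)                 # constructed "current time"
    first_seen = datetime(2024, 5, 1, 12, 0)          # constructed: new threat first observed
    return {
        "stale": stale_endpoints(ENDPOINTS, 102, now, timedelta(hours=24)),
        "vendor_delay": vendor_delay_hours(first_seen, 101),
        "exposure": exposure_report(ENDPOINTS, first_seen, 101),
    }


if __name__ == "__main__":
    result = demo()
    print("stale endpoints:", result["stale"])
    print("vendor delay (h):", result["vendor_delay"])
    for name, hours in result["exposure"].items():
        print(name, "still exposed" if hours is None else f"exposed for {hours:.1f} h")
```

In the constructed data the vendor needed 20 hours to ship the covering signature, but the endpoints were exposed for 22 and 45.5 hours, and the server that never moved past version 100 is still exposed; the difference between the vendor delay and the per-endpoint figures is the part of the window that the organisation's own update procedures control.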
