Can antispam/antivirus products effectively ward off sophisticated viruses?
In light of the recent Mydoom attacks, do you think antivirus and
antispam products are proving to be an ineffective way to deal with more
Let's not throw out the baby with the bath water. Yes, antivirus tools are not perfect, but they are a good element of a baseline security strategy. Some stuff will always squeak through, but the vendors are constantly improving as well. In the future, as we get more anomaly-based detection augmenting our signature- and behavior-based detection, these products will help even more.
So, don't ditch your antivirus and antispam products. Keep them patched and up-to-date, and keep barking at your vendors to make sure they improve. They'll stop the majority of the stuff we face, but not everything. That's why you need to have a supporting strategy of a solid incident response team.
This was first published in February 2004