This article can also be found in the Premium Editorial Download "Information Security magazine: How security pros can benefit from information sharing."
Myth #2: Antivirus doesn't work
Viruses, worms, spyware, Trojans, mobile code and all other varieties of malware are hammering businesses at alarming rates and levels of intensity. Multivector, multipayload worms obliterate disk drives, saturate network shares and covertly install rootkits on servers, costing businesses billions of dollars annually.
The stark reality is that conventional signature-based antivirus technology is largely powerless against these new forms of attack. In fact, many new worms and their variants are carefully tweaked to evade AV scanners. This has led many to believe that signature-based AV is impotent and unnecessary.
"AV reduces risk in companies by a hundredfold or more," says Peter Tippett, CTO of managed security firm CyberTrust. In fact, he suggests that using AV has an "amplifying" effect on risk reduction. "If you do a little bit--place AV on desktops and gateways and filter for 10 or so prominent file attachments--you get a lot of benefit."
The problem with conventional AV, Tippett says, is that too many companies overly rely on it. "They try to take that thing that reduces risk by a hundredfold and make it tenfold better instead of investing in other cheap and easy security processes," such as zone segmentation, bastion hosts, default deny on border routers and disabling active scripting in Internet Explorer. Like AV, each of these techniques is effective only up to a point.
And then there's the human element, which no technology can perfectly secure. "Many worms and viruses target people, and we'll never be able to secure them," says Bruce Schneier, CTO at Counterpane Internet Security.
Schneier says that blaming AV scanners is a little like killing the messenger. "The security of our operating systems and applications sucks, [and] lousy software makes for a very permissive environment for worms and viruses."
This was first published in January 2005