By Dan Ilett, 9 September 2005 09:45
NEWS Security vendor Sophos has warned companies not to rely on antivirus software to protect their IT infrastructure and systems.
Speaking at the Information Systems Security Association conference in London on Thursday, Vanja Svajcer, senior virus researcher for Sophos, said companies should also look to alternative technologies and procedures to ensure their IT assets are secure.
Svajcer said: "I always say, 'Do not rely on antivirus software'. The problem is we have to see a virus before we can detect it. If antivirus is in place, it may not detect [a virus] because it may be very targeted for you."
Svajcer added that virus writers are becoming more precise with malware attacks but most people only pay attention to email viruses. Viruses that give hackers access to compromised computers, otherwise known as 'bots', were a hidden problem, he explained.
"Most people know about email viruses as they get more coverage. But bots are running under the radar. People are not really aware there are so many," he said.
Virus writers are expected to improve the resilience of botnets in the next year, he said, as currently they are easy to take offline by shutting down the controlling IRC server.
One hope on the horizon, according to Svajcer, is that most antivirus vendors are looking to improve the generic detection for viruses, which would help to stop the spread of tailor-made malware.
Comments
There are 4 comments. Join the discussion
1. David
How very refreshing to see a Sophos statement that hasn't got the ubiquitous Graham Cluley attached! May pay more attention to it thereby...
2. David Supple
This is as close as I've seen anyone doing a "Ratner" for a long time!
"Buy our software - it won't protect you, but at least I will be able to go to sleep on a large bed of money, surrounded by many beautiful women"
3. Kevin Fitzgerald
I agree with his opinion in that antivirus software alone is useless. It has to be part layered approach that includes anti spy ware, firewall & all software having the latest patches installed.
4. Vanja Svajcer
My point was that one should not rely only on Anti-virus software. Although in 99% of the cases you can rely on the AV software to detect known malicious threats you have to be constantly vigilant and monitor signs of suspicious activity using complementary technologies in case of an attack with a yet unknown piece of code.
Due to the reactive nature of scanning (initially we need to see a malicious sample in our lab before we release detection) and recent cases of targeted attacks, there is an increased risk of an attacker planting a Trojan without initial detection of the AV software. The risk is quite small, but it exists and I wanted people to be aware of it.
In computer security there are no silver bullet products. The security is a process and not a product and involves multiple technologies, products, policies and most of all people. AV software is just a small piece in the picture.