This page contains a single entry from the blog posted on March 9, 2007 8:34 AM.

Anti-virus effectiveness

The evidence continues to mount that the upper hand in the arms race between anti-virus vendors and criminals rests with the criminals. Today, Brian Krebs blogged about "Online Anti-Virus Scans: A Free Second Opinion". In the post he referenced several sites showing that anti-virus tools frequently miss new virus variants (here and here).

If you drill down into the data in the AV-Comparatives report published February 6, 2007, you will see that most vendors have trouble detecting backdoors, Trojans and other malware. Kaspersky did well in this test at over 99%. However, even at that rate it is missing one sample in a hundred. The rest of the vendors fall off the wagon with results ranging from approximately 96% down to 51%. Other studies I have blogged about show the rate to be much worse.

What this means is that some malware is going to get through your anti-virus defenses. The question is, what are you going to do about it?

If you are smart, you will have some heuristic intrusion detection system running to pick up some of the malware based on the way systems and applications behave. However, these may or may not pick up programs that capture users' IDs and passwords and pass them out the electronic door to criminals.

So then what? The only answer is to have layers of stronger and stronger authentication as the user accesses higher-risk applications. However, once again, these too may be foiled: malware sitting on the endpoint can ride an already-authenticated session and alter what the user submits. Therefore, you need transaction authentication protecting your enterprise crown jewels, so that the details of each high-value transaction are themselves confirmed by the user out of band.
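What transaction authentication adds over login authentication, as an added example that is not part of the original post: the user's out-of-band token signs the payee, amount and a server-issued nonce, so a code captured or replayed by endpoint malware does not verify once any of those details change. The token key, the transaction fields and the nonce values below are constructed for illustration; a real deployment would issue a fresh random nonce per transaction and typically display a shorter numeric code.

```python
"""Transaction authentication demo (added example; constructed keys and data)."""
import hmac
import hashlib
from typing import Dict

# Constructed per-user secret shared between the bank and the user's
# out-of-band token (hardware signer or phone app). Assumption: malware on
# the PC can read the browser session but never this key.
USER_TOKEN_KEY = b"constructed-demo-token-key-user-42"

# Fields the user is asked to confirm on the token before signing.
SIGNED_FIELDS = ("payee", "amount", "currency", "nonce")


def canonical(tx: Dict[str, str]) -> bytes:
    """Fixed-order encoding so token and server hash identical bytes."""
    return "|".join(f"{k}={tx[k]}" for k in SIGNED_FIELDS).encode()


def token_sign(key: bytes, tx: Dict[str, str]) -> str:
    """Code the token computes after showing payee/amount to the user.

    Truncated to 12 hex characters here to resemble something a user types;
    the truncation length is an illustrative choice, not a standard.
    """
    return hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()[:12]


def server_verify(key: bytes, tx: Dict[str, str], code: str) -> bool:
    """Server recomputes the code over the transaction it actually received."""
    expected = token_sign(key, tx)
    return hmac.compare_digest(expected, code)


def demo() -> Dict[str, bool]:
    """Three outcomes: honest transaction, malware-altered payee/amount, replay."""
    nonce = "n-0001"  # constructed; server would issue a fresh random nonce
    intended = {"payee": "ACME Utilities", "amount": "120.00",
                "currency": "USD", "nonce": nonce}
    # User confirms these details on the token and types the resulting code.
    code = token_sign(USER_TOKEN_KEY, intended)
    # Endpoint malware rewrites the submitted transaction but reuses the code.
    tampered = dict(intended, payee="Mule Account 9001", amount="9500.00")
    # Same code replayed against a later transaction with a new nonce.
    replayed = dict(intended, nonce="n-0002")
    return {
        "intended_ok": server_verify(USER_TOKEN_KEY, intended, code),
        "tampered_ok": server_verify(USER_TOKEN_KEY, tampered, code),
        "replay_ok": server_verify(USER_TOKEN_KEY, replayed, code),
    }


if __name__ == "__main__":
    print(demo())
```

The security property is in what gets signed: because the code covers payee and amount, a stolen password plus a hijacked session still cannot move money to a destination the user did not confirm, and the nonce keeps a once-valid code from being reused.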

The last line of defense must be filters on everything leaving the enterprise electronically, looking for high-risk data and information.
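One shape such an egress filter can take, as an added example that is not part of the original post: scan each outbound payload for payment card numbers, keeping only candidates that pass the Luhn check so that order numbers and other long digit strings do not trip the filter, and for US SSN-shaped strings. The sample payloads are constructed; the categories, thresholds and block/allow policy are illustrative choices rather than anything the post prescribes.

```python
"""Egress content filter for high-risk data (added example; constructed samples)."""
import re
from typing import List, Tuple

# Candidate card number: 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US SSN shape with dashes (illustrative; real policies add more formats).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; rejects most long numbers that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text: str) -> List[Tuple[str, str]]:
    """Return (category, masked_value) findings for one outbound payload."""
    findings = []
    for m in PAN_CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            findings.append(("pan", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group(0)[-4:]))
    return findings


def decide(text: str) -> str:
    """Egress decision: block anything carrying a validated card number or an SSN."""
    return "block" if scan(text) else "allow"


# Constructed outbound payloads (mail bodies and an HTTP query string).
SAMPLE_OUTBOUND = [
    ("mail-01", "Quarterly report attached, see you Monday."),
    ("mail-02", "Card for the booking: 4111 1111 1111 1111, exp 12/09"),
    ("http-03", "order_id=1234567890123&status=shipped"),
    ("mail-04", "HR: employee SSN 123-45-6789 needs updating"),
]


def run_filter() -> List[Tuple[str, str]]:
    """Apply the decision to every constructed sample; returns (id, decision) pairs."""
    return [(msg_id, decide(body)) for msg_id, body in SAMPLE_OUTBOUND]


if __name__ == "__main__":
    for msg_id, body in SAMPLE_OUTBOUND:
        print(msg_id, decide(body), scan(body))
```

The Luhn step is what keeps the filter usable: the 13-digit order number in http-03 matches the candidate pattern but fails mod-10 and is allowed through, while the test card number in mail-02 passes and is blocked. Findings are masked before logging so the filter does not itself become a store of the data it is meant to contain.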

Without this, your enterprise is at medium to high risk of being successfully breached. The worst part is that you might not know about it until months or years later.

An alternative to the above strategy is to change your mindset at the firewall and deny all except those with permission. This, however, requires a big change in user behavior, since it will restrict much of what users can do. More about this in the next post.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
