The low down on antivirus testing, part 2


In my previous newsletter, which summarized a lecture delivered by Sarah Gordon, a former member of the IBM Thomas J. Watson Research Center, and Fraser Howard of the _Virus Bulletin_, I discussed the pros and cons of antivirus testing. Here I will detail what they believe is the future for antivirus testing products.

The current situation for virus testing has changed radically because of the self-mailing and mass-mailing features of worms. For example, the Melissa worm spread faster than any other malicious software, with some estimates suggesting that between 400,000 and 500,000 infected e-mail messages were generated within the first 3 hours of its release. Melissa is by no means the only example of such a worm: Win32/ExploreZip, Win32/NewApt and Win32/MyPics are all recent harmful variants.

The two experts believe antivirus product (AVP) technology should become less dependent on scanning as a testing method, with increased emphasis on fast heuristics to detect unknown viruses. The new strategies must also be able to spread immunity to other computers faster than network-aware viruses spread, because response time to viral activity must be virtually instantaneous.

We also need robust systems that can operate before infection begins, resist attacks on the system and on the AVP, recover and even heal the AVPs themselves, and that are easy to use and scalable.

AVP testing should evolve to include these aspects of AVP performance. If a client-server model of viral immunity is used, where clients send captured virus suspects to a central analysis system, the following questions should be used in testing:

* Can the system detect new, previously unseen viruses?

* Can the system automatically, without user interaction, "capture" samples of such viruses, or sufficient information about such viruses, and automatically send them to an analysis center?

* Can administrators "vet" samples that are sent? In the case of macro viruses, can confidential information be safely removed from the sample to prevent leakage of potentially privileged information to a third party?

* Is the submission scheme scalable to deal with the submission of many different viruses or nonviruses at one time?

* Does the analysis center grant "innate" immunity to other computers automatically and seamlessly in a timely manner?

* Is the system easy to manage and deploy in a large corporate environment?

* Can the software be preconfigured for rollout within a specific environment?
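The response-time requirement above (immunity must reach other computers faster than a network-aware worm spreads) and the "timely manner" question in the checklist can be turned into a measurable test criterion. The following is an added illustration, not code from the newsletter or from Gordon and Howard: a constructed, deterministic model of a mass-mailing worm growing geometrically while a sample is captured, analysed centrally and a cure is distributed. The population size, spread factor and latencies are assumed parameters, not measurements.

```python
"""Constructed model (not from the newsletter) of worm spread versus the
client-server immunity pipeline: a client captures a sample, an analysis
center produces a cure, and the cure is pushed to every client. The worm
grows geometrically until immunity arrives. All parameters are assumed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ImmunityPipeline:
    hosts: int                 # hosts in the population
    spread_factor: float       # new infections per infected host per step
    capture_step: int          # step at which a client heuristic captures a sample
    analysis_latency: int      # steps the analysis center needs to produce a cure
    distribution_latency: int  # steps to push the cure to every client

    @property
    def immune_at(self) -> int:
        """Step at which innate immunity is in place on every host."""
        return self.capture_step + self.analysis_latency + self.distribution_latency

    def simulate(self, max_steps: int = 50) -> tuple[int, int]:
        """Return (hosts infected when spread stops, step at which it stopped)."""
        infected = 1
        for step in range(1, max_steps + 1):
            if step >= self.immune_at:          # cure deployed: no new infections
                return infected, step
            new = min(self.hosts - infected, int(infected * self.spread_factor))
            infected += new
            if infected >= self.hosts:          # worm saturated the population first
                return infected, step
        return infected, max_steps

    def contained(self, max_fraction: float) -> bool:
        """Test criterion: did immunity arrive before max_fraction of hosts fell?"""
        infected, _ = self.simulate()
        return infected <= max_fraction * self.hosts


def max_tolerable_latency(hosts: int, spread_factor: float, capture_step: int,
                          max_fraction: float, limit: int = 50) -> int:
    """Largest analysis+distribution latency (in steps) that still keeps the
    outbreak below max_fraction of hosts; -1 if even instant response fails."""
    best = -1
    for latency in range(limit + 1):
        pipeline = ImmunityPipeline(hosts, spread_factor, capture_step, latency, 0)
        if not pipeline.contained(max_fraction):
            break
        best = latency
    return best


if __name__ == "__main__":
    slow = ImmunityPipeline(10_000, 3.0, 2, 5, 3)
    fast = ImmunityPipeline(10_000, 3.0, 2, 1, 1)
    print("slow:", slow.simulate(), "fast:", fast.simulate())
    print("max tolerable latency:", max_tolerable_latency(10_000, 3.0, 2, 0.05))
```

With a fan-out of 3 per step, a nine-step end-to-end response lets the worm saturate all 10,000 hosts, while a two-step response stops it at 64; only a total latency of three steps or less keeps infections under 5%.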

In conclusion, Gordon and Howard believe that AVPs will increasingly integrate scanner-based and generic virus detection techniques as a result of the proliferation of network-aware viruses and worms. AVP testing organizations should focus on user requirements and not design their tests in terms of the architectural design of the AVPs under test.

RELATED LINKS

Check out the new "Computer Security Handbook, 4th Edition" edited by Seymour Bosworth and Michel E. Kabay; Wiley (New York), ISBN 0-4714-1258-9. Available now at your technical bookstore or visit Amazon.

M. E. Kabay, Ph.D., CISSP is Associate Professor of Information Assurance in the Department of Computer Information Systems at Norwich University in Northfield, Vt. Mich can be reached by e-mail. He invites inquiries about his information security and operations management courses and consulting services. Visit his Web site for papers and course materials on information technology, security and management.
