Column

Antivirus industry needs to get its act together

Chris Mosby


Now that the smoke has cleared, and security professionals have had time to reflect on these events, I want to let you in on a little secret: The virus name game has gotten out of hand.

Sometime during the Bagle/Netsky war earlier this year, virus variant names assigned by antivirus software companies got out of synch. We can understand how that could have happened. There were multiple versions of those viruses coming out every day, with virus writers trying to outdo each other in some childish game of hacker supremacy. At the same time, IT people were dealing with the waves of malware as fast as they could.

When the virus war slowed down with the arrest of the author of Netsky, virus variant names stayed out of synch. Customers were able to deal with it -- as the new viruses trickled in at their normal pace -- by working together as a community via the Internet Storm Center, Secunia's virus information page, VGrep Online and MyITforum's security message boards and antivirus e-mail list.

This latest Bagle outbreak reminded us what a mess we are in. Since some antivirus companies have adopted an isolationist attitude, and don't usually share information with one another, customers are left confused as to exactly what they are dealing with.

While the new Bagle variants were spreading like wildfire, some AV companies acknowledged they existed, but the vendors didn't know what the variants did, nor what their products should look for. This didn't change even after the companies raised the threat level of these viruses.

Some AV companies provided more detail, but didn't match the threat level of others, since they received a low number of submissions from their customers. Their virus variant names were different from those of other AV companies, so some customers were left in the dark.

Still other companies had only one or two of these variants listed, with various degrees of detail -- again with completely different variant names, since that was all their customers had submitted to them. This left even more customers in the dark. For those who use more than one company's antivirus product -- and I know there are plenty out there -- that left them with an even bigger mess than just the virus outbreak.

With all of this going on, customers dealt with it as they usually do: working together as a community. We sorted through all the information that trickled down to us. As usual, we got through it, with some of us showing a few more gray hairs.

I think I can speak for everyone in the security community when I say that "dealing with it" is not acceptable anymore. As customers, we should not have to work so hard to figure out which products keep us protected.

We know antivirus software companies can do better, and we challenge them to do so. With the increasing problem of spyware, spam and patch management, we have enough to deal with.

However things are fixed might not matter, as long as something is done before things get worse. Companies should work together as a community of security professionals and help out customers at the same time. With Microsoft expected to enter the antivirus software business, companies should determine how to accomplish this and keep customers better informed about how they are protected.


Chris Mosby is the SMS administrator for a large regional bank in Tupelo, Mich. He was a beta tester for the current version of SMS Installer for Microsoft and has obtained his Symantec Product Specialist Certification in Norton Antivirus Corporate Edition 7.5/7.6. He is also the co-author of "Configuring Symantec Antivirus Corporate Edition."

