More Problems Plaguing Anti-Malware
Over the last few weeks there has been a spate of disclosures related to weaknesses affecting anti-malware software, where a vulnerability in the product could lead to an attacker being able to exploit the underlying system (either through breaking out of a sandbox, or targeting the filtering capabilities of the software).
Towards the end of last week several filtering management issues affecting numerous anti-malware solutions were reported in the space of a couple of days which could have negative affects for users trying to scan such files as Windows executables and common archive formats (CAB, RAR, etc).
Similar issues with false positives reported over the same timeframe can also lead to major outages and usability problems for end users. Cases such as the misidentification of competitors files (Rising Tech vs. Kaspersky) cause problems, and the misidentification of critical system files (Symantec and Chinese Windows versions) can require end users to reinstall system components and have been fairly widely reported. Other systems are suffering from misidentification problems, it is just that they do not tend to receive widespread reporting, even when it affects critical business software.
Overall, the usability and system instability issues that end users encounter when operating anti-malware solutions has led to a growing number of users showing reluctance to immediately apply patches and updated definitions files, even in the face of a clearly defined threat. Anti-malware authors are also facing the increasing problem that their software may be causing more problems on systems than they are preventing (system instability, resource monopolisation, scanning engine weaknesses). There is also a finite time required to add the new malware definition to a definitions file, leaving a clear opportunity for rapidly-spreading malware to take hold before defences can be organised.
What is the solution? Unfortunately for most users, the threats that they are most likely to encounter are best met by the range of anti-malware software that exists. Not many environments can afford to have a dedicated team of experts to control and analyse the threats that are potentially entering a network, and even those that do aren't always able to keep up with the latest threats that emerge.
At the end of the day, anti-malware solutions should form an important element of any Information Security defence system, but users and administrators should be aware that there are additional risks associated with using such systems. The return on investment is generally more than enough to outweigh the risk introduced by the system, making it a worthwhile endeavour that users and administrators should be implementing.
23 July 2007
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.Comments will soon be available for registered users.