Why One Virus Engine is Not Enough

By: GFI
Published: Jan 02, 2007
Length: 7
Type: White Paper
Overview:

This white paper explains why the answer to the question "Is one anti-virus engine enough to protect the internal network from mass-mailing viruses, worms and other email-borne threats?" is an emphatic "NO".

It also examines the need for multiple anti-virus engines to reduce the average response time to a virus outbreak, and thus reduce the chance of having your network infected. The use of multiple virus engines also lets security administrators remain vendor-independent when it comes to virus scanning, and so use the best-of-breed virus engines available on the market.

The need to have a fast response time

One of the most important factors in the successful protection of your network against viruses is how fast you get new virus engine signature files - those files released by anti-virus labs that help to identify a virus when there is a virus outbreak. Email allows viruses to be spread at lightning speed in a matter of hours, and a single email virus is enough to infect your whole network. Obviously then, a critical factor is how fast the signature files of your anti-virus solution are updated when a new virus emerges. In every virus attack there is a time differential between the outbreak of the new virus and the release of signatures to defeat and eliminate it. The faster a signature file is created, the less likely the chance of an infection. A 2006 study by the UK government found, for example, that although 100% of large British companies use anti-virus products, 43% of them were infected by viruses during 2005, largely because virus signature updates had not been deployed fast enough.

Every anti-virus vendor in the market claims to have a fast response time. However, the reality is not quite so sanguine. Anti-virus labs produce updates for virus and worm outbreaks at different intervals. For example, the same lab may produce an update for one virus within six hours, yet take 18 hours for the next one. Complicating the matter further is that while, on average, some companies perform better than others, there is no one company that will always be the first and fastest to respond to a virus outbreak. Granted, some companies may be faster on more occasions, but it is never the same company that delivers protection first. One time it is Kaspersky, the next it is McAfee, another time BitDefender or Norman, and so on.

Time differences may also occur that are not the result of the quality of the work or the competency of the lab, but reflect their geographic location and time zone related factors.


Clearly, the differences range from hours to even days - more than enough time for your network to get infected!

The need for blending technologies

Every virus lab and scan engine is different. When it comes to protection there is no single best engine, each has its own strengths and weaknesses. Anti-virus products often use a mix of technologies to detect and defeat viruses. The three most common approaches are:

- Signature files which are prepared and released by anti-virus labs on a regular basis and contain details that help identify a virus. Signature files are the usual way anti-virus engines are updated.

- Heuristics are used to detect viruses and other threats that have not yet had signature files developed for them. Essentially they look at different characteristics of a file, assess the characteristics and flag those that appear to be viruses. This method can also detect and catch metamorphic viruses (viruses that can mutate) which are notoriously resistant to signature files.

- Sandboxing isolates and executes suspicious code in a virtual machine, separated from the rest of the IT infrastructure, to determine whether it is malicious or not.

Individually, each of these technologies can be very effective, but none is 100% successful. While some anti-virus products combine two or more of these technologies, there is no single best solution. The only effective way to assure the highest level of safety and security is a multi-layered, defense-in-depth approach, which can be achieved by using multiple anti-virus engines.

The case for multiple anti-virus engines

PC SecurityShield estimates that over 40 new viruses are found every day. In June 2006, Microsoft reported that 1 out of every 300 PCs was infected with malware. It is also important to remember that today's environment of constantly evolving malware is the product of a legion of independent malware designers, each with an individualistic approach and attack strategy.

The argument in favor of using multiple anti-virus engines is simple and is predicated on the reality that there is no single anti-virus engine that does everything. There is no single anti-virus engine that is fastest, most effective and "the best" all the time.
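To put numbers on the argument made here and in the response-time section above (no lab is first every time, and with several engines protection arrives as soon as the first of them ships a signature), the following is an added example, not GFI's own code or data. The vendor names are those mentioned in the paper; the per-outbreak response times are constructed sample values.

```python
"""Exposure-window model: one anti-virus engine versus several.

Added illustration of the paper's argument, not GFI's code. Vendor names
come from the text; the hours-to-signature figures are constructed data.
"""
from statistics import mean

# Constructed data: hours from first sighting of each of five hypothetical
# outbreaks until each lab released a signature. Note that a different lab
# is first for different outbreaks, which is the paper's point.
RESPONSE_HOURS = {
    "Kaspersky":   [6, 18, 9, 30, 12],
    "McAfee":      [10, 8, 20, 26, 15],
    "BitDefender": [14, 12, 7, 22, 40],
    "Norman":      [9, 25, 16, 5, 11],
}


def single_engine_exposure(hours_by_vendor):
    """Average exposure window (hours) if only one vendor's engine is used."""
    return {v: mean(h) for v, h in hours_by_vendor.items()}


def best_single_vendor(hours_by_vendor):
    """The vendor with the lowest average: the best you could pick up front."""
    avg = single_engine_exposure(hours_by_vendor)
    return min(avg, key=avg.get)


def multi_engine_exposure(hours_by_vendor, vendors=None):
    """Average exposure when scanning with several engines at once.

    Protection arrives when the *first* of the chosen labs releases a
    signature, so each outbreak's window is the minimum across vendors.
    """
    vendors = list(vendors or hours_by_vendor)
    per_outbreak = zip(*(hours_by_vendor[v] for v in vendors))
    return mean(min(times) for times in per_outbreak)


def first_responders(hours_by_vendor):
    """Which lab was first for each outbreak (ties broken by dict order)."""
    vendors = list(hours_by_vendor)
    per_outbreak = zip(*(hours_by_vendor[v] for v in vendors))
    return [vendors[min(range(len(t)), key=t.__getitem__)] for t in per_outbreak]


if __name__ == "__main__":
    for vendor, avg in single_engine_exposure(RESPONSE_HOURS).items():
        print(f"{vendor:12s} avg {avg:5.1f} h")
    print("best single vendor:", best_single_vendor(RESPONSE_HOURS))
    print("all four engines:  ", multi_engine_exposure(RESPONSE_HOURS), "h")
    print("first to respond:  ", first_responders(RESPONSE_HOURS))
```

With the sample data the best single vendor still leaves an average window of 13.2 hours, while scanning with all four engines cuts it to 7.4 hours, because the combined window is the per-outbreak minimum rather than any one vendor's average.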