Malware is Changing. Fortunately, So Are Security Vendors’ Approaches

As the bad guys get more sophisticated with launching online attacks on your business PCs, you have to get smarter about how you are protecting them. And in the past year, many of the traditional anti-virus vendors have improved their products by offering a series of features such as streaming their updates, integrated browser protection against phishing and session hijacking, and improved ways to thwart zero-day exploits.

It still is an escalating arms race, but there is hope that you can stay ahead of the infections, botnets, malware and Trojans that run wild around the Internet.

Viruses and malware have been around since the early days of DOS, when they were transmitted on infected floppy disks. But as the Internet reaches deeper and deeper into even the smallest business networks, you have to be better prepared for the latest in attack software. These days, it is easy to manufacture a custom virus that will only infect one or two computers. This makes virus signature and pattern matching obsolete. Last year, I spent the day at Symantec Labs and they showed me exactly how easy this was: there are toolkits you can download and within minutes I was a script kiddie, creating infections left and right. No real skills required, either, other than knowing where to go to get started.

In the past, you had separate desktop software products for anti-virus/anti-malware, browser-based screening tools, host-based firewalls (the ones installed on each desktop, outside of the security features that were found in the underlying operating system), and mobile device management tools. And these desktop products didn’t include the ones that handled network-level intrusions, firewalls, and data leak protection products. That means having lots of different vendors stuff to manage.

It helps that our desktop operating systems are more secure: certainly Windows 7 and Mac OS Lion are better than their ancestors. But it also helps that the security vendors are getting better at integrating the various protective features. They have also done a better job at automation rather than waiting for you to schedule them or download various updates. While things are still far from flawless, the quality of the endpoint protection software is the best it has been in several years.

Let’s take a look at several different recent products to give you an idea of where things are going in this particular market segment.

Better signature updates

For years, anti-virus software relied on signature updates that needed almost constant downloading to stay on top of threats. But as we mentioned earlier, this is outmoded technology as custom viruses have become so easy to create. An alternative solution was something we wrote about last year about cloud-based AV protection: the cloud contains the updates and can stay on top of recent outbreaks.

But moving AV to the cloud isn’t the only solution: the security vendors have come up with their own algorithms to detect whether your PC is doing something that it shouldn’t, such as sending out lots of emails with attachments or making frequent connections to servers in suspicious locations.

For example, Symantec’s Endpoint Protection software comes with four different detection routines to look for oddball network behavior, specific malware files that have found their way to your desktops, the reputation of the sites that you visit and the actual programs that are running on your computers and how they behave. They call this “defense in depth” and it is typical of what many of the modern desktop security vendors have to do to keep your PCs protected.

Even Symantec’s Norton line of products is also getting more full-featured. Announced earlier this month, Norton 369 can manage a fleet of computers for online backups, tuning up your registry and other system files, and handling security tasks

Protecting both PCs and smartphones, too

Norton has another new product called Norton One. It offers protection across a broad spectrum of endpoints, including Windows, Macs and Android devices. This is the first time that they have moved to combine both PC and mobile devices into a single offering, and represents another direction for security administrators who are worried that their smartphones can serve as an infection vector. A single subscription covers updates to a wide range of Norton products, too. You can get more information on Norton One here. Pricing starts at $150 to cover up to five devices.

McAfee VirusScan is moving in a similar direction with its Mobile Security for Enterprise, also protecting all business-owned Android devices.

Combining browser protection with anti-virus

Other niche security vendors have begun to branch out to cover different infection avenues. For example, one of the leading browser scanning tools for many years has been Webroot. This month, they have come out with an enterprise version of
SecureAnywhere. This puts a small agent on any Windows desktop or server OS since XP, including both 32 and 64-bit and Windows running in VMs too. It provides cloud-based endpoint protection that doesn’t rely on signature updates, unlike earlier products from Webroot. It includes anti-malware scanning, a host-based firewall, cleanup of various system and registry files and the ability to quickly scan your desktop. It is priced at between $16 to $35 per user per year, depending on volume licenses. While the first version is just for Windows, they are working on Mac versions for later in the year. You can get more information on SecureAnywhere here.

Better ways to ensure automatic software updates

With the proliferation of phishing sites and other browsing exploits, there are many free or low-cost scanning tools that are available to make sure that you didn’t accidentally download some malware while you were out surfing around the Net. Some of these can be launched from a Web browser (such as Bitdefender’s free QuickScan online) and others require downloading some software. New from Secunia is v3 of its Personal Software Inspector, which takes the scanning process a step further to try to remediate the problem once you finish with your scan. It looks to see what is out of date on a wide spectrum of software that is installed on your PC. If it can update the software, it will, but at least it puts everything that is outmoded (that it knows about) in a single screen.

Casting a wide net for malware

One alternative to installing desktop software on all your PCs is to set up a network-based appliance that can catch the incoming infections before they reach your desktops. This is what Network Box has done with its device using its Z-Scan technology. Network Box uses hundreds of thousand of what it calls virus traps spread around the world on key network segments to detect malware and other anomalies that are flowing across the Internet. When one of these traps finds something bad, it sends this information to one of more than a dozen different global analysis centers run by the company. They can create and release a new signature within seconds.

This cuts down the time that an exploit can operate before it is discovered, ensuring that you can be adequately protected before an infection spreads across the Internet.

Conclusion

As you can, a number of vendors are trying unique methods to stay ahead of these online-based infections and make it easier for network administrators, even for small businesses, to protect their PCs.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.