FBI study shows 97 per cent of organizations have anti-virus software installed, yet 65 per cent have been affected by a virus attack at least once during the previous 12 months.
Security company GFI's new white paper, "Why one virus engine is not enough," reveals that organizations relying on the protection of a single anti-virus engine are actually leaving themselves exposed to a severe and constant threat from all forms of malware. The white paper points out that although every anti-virus vendor in the market claims to have a fast response time, no single company will consistently be the first and fastest to respond to a virus outbreak. Depending on a single anti-virus engine does not guarantee the quickest reaction to outbreaks every time, leaving productivity and business operations vulnerable to attack.
In addition, different anti-virus engines have different strengths and weaknesses. Some engines excel at identifying a certain type of malware while others excel at other types. As with reaction times, there is no single anti-virus engine that can guarantee protection from every type of malware from trojans to spyware. The use of multiple anti-virus engines irons out these weaknesses, ensuring the highest level of protection from every type of threat.
Andreas Marx, anti-virus expert with AV-test.org, agrees that a multiple anti-virus engine approach is the most comprehensive way for organizations to detect and combat virus attacks. "Studies prove that the best way to prevent virus introduction is with several layers of protection, which include multiple anti-virus scanners. Different anti-virus companies are using different ways to detect unknown malware proactively, for example, using heuristics or Sandboxing. When one company can detect 30 per cent and another one can detect 20 per cent of all newly released malware files, the combined proactive detection score might be boosted to 50 per cent," Marx said.
[This is obviously old news to those familiar with the inner workings of filter engines and anti-malware companies but this type of knowledge has not been widely spread. As the quality of malware improves, e.g. through the use of rootkits, it becomes increasingly difficult for anti-malware producers to keep up and for the past several years no single producer has had what I would call an adequate product in this area although several are fairly good. I have for many years recommended using at least two different anti-malware products as a matter of course; mind, they must not be based on the same scanning engine! The leading products do use more than one engine in their offerings but it is up to the user to make sure of this, and evaluate the overall quality of any product they choose. Since the demise of Hamburg University's VTC's tests it is difficult to get unbiased information about these issues. I currently recommend consulting av-test.org, Andreas Marx' site.
PS: in case anybody is interested we currently test ZoneAlarm, including the anti-malware system, and Symantec's Norton product. If other anti-malware producers are interested in being included in our long-term tests please get in touch. We normally test systems for at least one year in a production environment before writing about them. --Ed].
Related links:
www.gfi.com/whitepapers/why-one-virus-engine-is-not-enough.pdf
Taken from Information Security Bulletin.