Feeds

Multiple virus scanning needed, says multiple scanning firm

One is never enough, or is it?

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

No single anti-virus product catches a comprehensive range of email viruses and malware within a variety of compressed and uncompressed file formats.

That's the conclusion of a study analysing the results of research by five leading anti-virus testing laboratories from security firm GFI which reveals various (we'd say minor) shortcomings in popular AV products.

GFI looked at results on tests on AV tools from Trend Micro, Symantec (Norton), McAfee, Norman, and Softwin by five impartial anti-virus testing laboratories (ICSA Labs, West Coast Labs, Virus Bulletin, AV-Test.org, and Virus TestCenter). In GFI's analysis, particular attention was paid to overall virus detection rates, the ability of AV tools to scan through compressed and embedded files, and their coverage of non-virus malware.

Each product showed strengths in different areas, GFI concluded, so combining the capabilities of two or more products would let organisations make up for deficiencies in any single product.

Of course, this reasoning applies only if the products lack similar shortcomings and fails to take into account that the most pressing problem for most companies is dealing with either newly-created fast-spreading worms (like Nimda) or the steady trickle of old favourites, like SirCam and Klez.

In the case of the former, best practice is moving towards filtering out suspicious emails at the gateway and/or employing heuristic detection/blocking at the ISP level.

For viruses like SirCam, all antivirus software detects such bugs anyway and it becomes a problem of ensuring AV software is up to date. The reason viruses like Klez continue to spread is largely due to a complete absence of protection by consumers (mainly) rather than deficiencies in AV software as such.

That's not to knock GFI's study completely - it does show up shortcomings in the ability of anti-virus tools to look within some uncommon file compression types for malware.

Using a battery of different scanning engines would be preferable but we question whether deploying products with single products with multiple scanning engines, such as GFI MailSecurity for Exchange/SMTP, is as important as the Maltese firm makes out. You can make up your own mind by reading GFI's White Paper here. ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.