Can Your Antivirus Stop the Next Threat?

Antivirus vendors, researchers, and corporate consumers spoke at the Tenth Annual Virus Bulletin Conference in Orlando, and the message was clear. Traditional antivirus methods simply cannot achieve 100% protection 100% of the time. Even as David Chess of the IBM TJ Watson Research Center expounded on Fred Cohen's theory that detecting 100% of all viruses was impossible, other vendors spoke about recommended changes needed in the antivirus industry. Each of these vendors focused on the improbability of detecting the next unknown threat with traditional signature scanning as the only weapon. These eye-openers seemed to point out that previously unknown viruses such as LoveLetter and Melissa may well continue to plague users - despite the best efforts of the antivirus industry.

Behavior blocking, long the bane of the industry, was seen as one of the more viable solutions to detecting unknown malicious code. Instead of relying on a known signature string as is done in traditional scanning, behavior blocking works by alerting users to potentially risky behavior attempted by executable code. For example, writing to the registry, or overwriting a system file, might be considered improper behavior and the user would be notified accordingly.
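The contrast described above, as an added example that is not part of the original article: a signature scanner and a behavior rule set run over the same constructed samples. The signature bytes, registry key, file paths and event traces are all assumptions made up for illustration.

```python
from dataclasses import dataclass

# Constructed signature database and system directory (illustrative only).
KNOWN_SIGNATURES = {"Constructed.KnownWorm": b"KNOWN-MARKER"}
SYSTEM_DIR = "c:\\windows\\system32\\"

@dataclass(frozen=True)
class Event:
    action: str               # "reg_write" or "file_write"
    target: str               # registry key or file path
    overwrites: bool = False  # file_write only: target already existed

def signature_scan(content: bytes) -> list[str]:
    """Traditional scanning: names whose known byte string occurs in the file."""
    return [name for name, sig in KNOWN_SIGNATURES.items() if sig in content]

def behavior_alerts(events: list[Event]) -> list[str]:
    """Behavior blocking: alert on risky actions, whatever the file contains."""
    alerts = []
    for ev in events:
        if ev.action == "reg_write":
            alerts.append(f"registry write: {ev.target}")
        elif ev.action == "file_write" and ev.overwrites and ev.target.lower().startswith(SYSTEM_DIR):
            alerts.append(f"system file overwrite: {ev.target}")
    return alerts

# Constructed samples: (file content, observed behavior trace).
SAMPLES = {
    "known": (b"hdr KNOWN-MARKER body",
              [Event("reg_write", r"HKLM\Software\ExampleVendor\Startup")]),
    # Same behavior plus a system file overwrite, but bytes no signature covers.
    "unknown_variant": (b"hdr NEW-BYTES body",
                        [Event("reg_write", r"HKLM\Software\ExampleVendor\Startup"),
                         Event("file_write", r"C:\Windows\System32\example.dll", True)]),
    "benign_editor": (b"plain program",
                      [Event("file_write", r"C:\Users\a\notes.txt")]),
}

def evaluate(name: str) -> tuple[list[str], list[str]]:
    content, events = SAMPLES[name]
    return signature_scan(content), behavior_alerts(events)

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, *evaluate(name), sep=" | ")
```

The unknown variant passes the signature scan yet raises two behavior alerts, because the rules react to what the code does and not to what its bytes look like.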

Other vendors, such as Sophos, called upon users to take more responsibility for system security and take certain precautions to defend against viral attack. Among their suggestions for tightening security were:

  • Stop using .DOC files altogether in favor of .RTF files.
  • Block any executables sent or received in email.
  • Change CMOS settings to boot from C:\ first instead of the floppy drive.
  • Turn off Windows Scripting Host if it is unnecessary, as is the case with most users.
  • Subscribe to Microsoft Security Bulletins to keep abreast of potential system vulnerabilities and hot fixes.
  • Write protect all floppy disks to prevent the spread of boot sector viruses.
  • Routinely back up data.
  • In addition, recommendations were made to restrict Internet access, allowing only a limited number of persons to have access.

Realistically, enforcing such policies could actually hinder productivity and efficiency, thereby creating conditions as unsavory as a virus. Indeed, John Bloodworth, of McAfee, urged that legislation - and not user restriction - was the answer to stemming the flow of viruses. He encouraged attendees to put pressure on responsible officials to enact stricter laws dealing with the writing and spread of malicious code.

Email attachments, a large source of infection, continue to be a modern-day Pandora's Box. Regardless of the philosophy embraced, the fact remains that email is a significant vehicle for infection. As seen with LoveLetter, what once took months to spread (or, with Melissa, days) can now sweep the globe in a matter of hours. Perhaps the best advice would be to avoid temptation, deleting any attachments that are unsolicited or unexpected - regardless of the source. While this method won't prevent all viruses, it will lessen and slow the spread - giving antivirus vendors a chance to roll out the appropriate updates.