Antivirus Software: A Tool, Not a Panacea
If you think merely using a firewall, anti-virus software and staying up to date on Microsoft Windows security patches will allow you to throw caution and common sense to the wind while surfing the 'Net, think again.
The folks over at the Internet Storm Center are soliciting Web site links and addresses that attempt to install all manner of malware on a visitor's machine. So far, the ISC has collected a few hundred such links, but only about half of the time did those Web pages set off alarm bells in any one of a dozen or so anti-virus products on the market today, said Johannes Ullrich, chief technology officer at the Storm Center.
SANS is working with VirusTotal.com -- a group that will scan any e-mail or file you send them against more than a dozen of the most popular anti-virus tools out there (I wrote about this service back in April). VirusTotal will then generate a free report on the results and share what it finds with the anti-virus companies (unless you request otherwise).
Most of the sites SANS looked at use programming tricks in the Internet Explorer browser to install spyware or adware, typically pesky and persistent software that serves pop-up advertisements and mines information from its host computers that is then shared with marketing companies. Increasingly, however, it is becoming more difficult to differentiate between spyware and programs that outright attempt to steal your personal and financial information on behalf of identity thieves, as rather alarming research from Sunbelt Software indicated last week.
More interesting research about evil Web sites and links comes from Microsoft, which recently conducted a Web sweep in which it found 750 pages that attempt to load malicious code onto visitors' computers, including at least one that exploited a previously undisclosed vulnerability. However, according to a story at SecurityFocus.com, even a partially patched version of Windows XP Service Pack 2 blocks the lion's share of attacks, cutting the number of dangerous sites from 287 for an unpatched system to 10 for a partially patched SP2 system.
This posting isn't meant to bash anti-virus companies or their products. They have to keep up with dozens -- if not hundreds -- of unique threats each day, but the bad guys are getting better at figuring out how to evade those detection mechanisms. Just keep in mind that anti-virus software is but one layer of defense for a properly secured computer. Patches, more of which will be forthcoming from Microsoft today, also are a critical component. Most of all, remember that there is no substitute for common sense: Stay away from links that show up unbidden in e-mails or instant messages.
Posted by: John McNeil | August 10, 2005 4:39 PM