Warning, Your Antivirus Software May Be Leaky
If you think you're protected because you have antivirus applications installed, think again.
Security experts and vendors recommend that users install and use antivirus and other anti-malware software on their PCs, but enterprises that have these installed in their infrastructure may not be as well protected as they think.
According to Promisec, which offers clientless security solutions, more than 25 percent of 100,000 computers it surveyed recently have missing or disabled antivirus software, but the antivirus management consoles are not alerting network administrators about the problem.
That lack of reporting leaves a major security hole for cyber criminals to exploit.
A client of Gartner's Firstbrook faced this very problem. While looking into problems with the corporate virtual private network, the client's IT department found that 300 PCs had been taken over by malware. However, the antivirus software management console did not show anything wrong.
The malware authors had replaced the affected PCs' antivirus agents and the firewall protecting them with code they had written themselves that hid the malware takeover, Firstbrook said.
Situations like this will not happen with McAfee's (NYSE: MFE) anti-malware solutions, Ed Metcalf, group solution marketing manager at the vendor, told InternetNews.com. "We have self protection built into our software to prevent any modification or disablement of the software," he said. Also, enterprises can deploy policies to all endpoints to ensure they check in regularly.
Further, Metcalf said, McAfee offers a rogue system detection option that will immediately inform IT when devices without its anti-malware solution are attached to the network.
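The gap described above, both the silent console in Promisec's survey and the replaced agents at Firstbrook's client, comes down to the same thing: the antivirus console only knows what the agents tell it, so an agent that is missing, disabled, or replaced can leave the console looking clean. The check a practitioner wants is a reconciliation of the console's records against a host list that does not depend on the agent at all (directory computer objects, DHCP leases, or a network scan), which is essentially what a rogue-system-detection feature does. The script below is an added example, not code from the article or from any vendor named in it; the two exports, the hostnames, the timestamps, and the three-day check-in threshold are all constructed for illustration.

```python
"""Reconcile an agent-independent host inventory against an antivirus console export.

Added example, not code from the article or any vendor it names. Assumes two
exports you already have: a host list from a source that does not rely on the
AV agent, and the console's per-host last-check-in records. All data below is
constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed: hosts seen on the network by a source independent of the AV agent
# (for example directory computer objects or DHCP leases).
INVENTORY = ["ws-001", "ws-002", "ws-003", "ws-004", "srv-01"]

# Constructed: what the AV console exports per host
# (hostname, last check-in in UTC ISO 8601, agent status as the console reports it).
CONSOLE_EXPORT = [
    ("ws-001", "2024-03-10T09:05:00Z", "enabled"),
    ("ws-002", "2024-02-01T08:00:00Z", "enabled"),   # stale: no check-in for weeks
    ("ws-003", "2024-03-10T07:45:00Z", "disabled"),  # console knows it is disabled
    ("srv-01", "2024-03-10T09:00:00Z", "enabled"),
    # ws-004 is absent: the console has no agent record for it at all
]

# Fixed "now" so the example is reproducible; a real run would use datetime.now(timezone.utc).
NOW = datetime(2024, 3, 10, 10, 0, tzinfo=timezone.utc)
# Hosts that have not checked in within this window are treated as unprotected.
MAX_CHECKIN_AGE = timedelta(days=3)


@dataclass
class Finding:
    host: str
    reason: str


def parse_ts(value: str) -> datetime:
    """Parse the console's 'YYYY-MM-DDTHH:MM:SSZ' timestamps as UTC."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def reconcile(inventory, console_export, now=NOW, max_age=MAX_CHECKIN_AGE):
    """Return one Finding per host that the inventory knows but the console cannot vouch for.

    Three conditions are flagged: no console record at all, a status other than
    'enabled', and a last check-in older than max_age. Hosts absent from the
    inventory are ignored here; a separate pass in the other direction would
    catch console records for machines the inventory has never seen.
    """
    by_host = {host: (parse_ts(ts), status) for host, ts, status in console_export}
    findings = []
    for host in inventory:
        if host not in by_host:
            findings.append(Finding(host, "no agent record in console"))
            continue
        last_seen, status = by_host[host]
        if status != "enabled":
            findings.append(Finding(host, f"agent reported {status}"))
        age = now - last_seen
        if age > max_age:
            findings.append(Finding(host, f"last check-in {age.days} days ago"))
    return findings


def main():
    for finding in reconcile(INVENTORY, CONSOLE_EXPORT):
        print(f"{finding.host}: {finding.reason}")


if __name__ == "__main__":
    main()
```

On the constructed data the run flags ws-002 (stale), ws-003 (disabled) and ws-004 (no record), none of which an administrator would see by looking only at the console's "clean" dashboard. The one case this comparison cannot catch is the one at Firstbrook's client, where a replaced agent keeps checking in and reporting "enabled"; detecting that needs a second signal such as the agent's own self-protection or the gateway visibility discussed below, which is why the inventory side must come from something the agent cannot tamper with.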
To ensure PCs are not taken over by malware, enterprises can put a secure Web gateway in front of their PCs and force all Internet traffic to go through it, Gartner's Firstbrook said. "Almost all threats today are Internet based, so if you pay attention to the gateway you can see what PCs are going to dangerous sites," he explained. "Because the gateway doesn't sit on the client, it's not corruptible the way a client is."