Warning, Your Antivirus Software May be Leaky

Download our in-depth report: The Ultimate Guide to IT Security Vendors

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

Security experts and vendors recommend that users install and use antivirus and other anti-malware software on their PCs, but enterprises that have these installed in their infrastructure may not be as well protected as they think.

According to Promisec, which offers clientless security solutions, more than 25 percent of 100,000 computers it surveyed recently have missing or disabled antivirus software, but the antivirus management consoles are not alerting network administrators about the problem.

That lack of reporting leaves a major security hole for cyber criminals to exploit.

Peter Firstbrook research director at analyst firm Gartner, told InternetNews.com the problem is real, but disputes Promisec's figures. "It's possible for the antivirus software's agent to be corrupted so it doesn't report something's wrong," he said. But he he was surprised by the 25 percent figure, which he believes is inordinately high.

One of Firstbrook's clients faced this very problem. While looking into problems with the corporate virtual private network, his IT department found that 300 PCs had been taken over by malware. However, the antivirus software management console did not show anything wrong.

The malware authors had replaced the affected PCs' antivirus agents and the firewall protecting them with code they had written themselves that hid the malware takeover, Firstbrook said.

Situations like this will not happen with McAfee's (NYSE: MFE) anti-malware solutions, Ed Metcalf, group solution marketing manager at the vendor, told InternetNews.com. "We have self protection built into our software to prevent any modification or disablement of the software," he said. Also, enterprises can deploy policies to all endpoints to ensure they check in regularly.

Further, Metcalf said, McAfee offers a rogue system detection option that will immediately inform IT when devices without its anti-malware solution are attached to the network.

To ensure PCs are not taken over by malware, enterprises can put a secure Web gateway in front of their PCs and force all Internet traffic to go through it, Gartner's Firstbrook said. "Almost all threats today are Internet based, so if you pay attention to the gateway you can see what PCs are going to dangerous sites," he explained. "Because the gateway doesn't sit on the client, it's not corruptible the way a client is."

This article was first published on InternetNews.com. To read the full article, click here.

Submit a Comment

Loading Comments...