Surprise, surprise—a recent Imperva report
claiming that available anti-virus products are categorically awful at
protecting PCs from new computer viruses hasn't been well received by AV
software vendors.
Rival IT security firms have been especially critical of the methodology
of an Imperva report released last week, which called the more than 40
anti-virus software products it tracked for a recent study "woefully
inadequate" at protecting IT assets from 82 newly created viruses that
company researchers unleashed on them.
"Simply scanning a collection of files, no matter how large or how well
sourced misses the point of security software entirely. They were not
exposing the products to threats in the way they would be in the wild,"
Rik Ferguson, director of security research at Trend Micro, told ITPro after the release of the report.
Now Imperva is answering its critics. In a new post on the company's official blog,
Imperva's Rob Rachwald acknowledged "the limitations of our
methodology," but argued that "fundamentally, the model for
antivirus—and not our methodology—is flawed."
Rachwald's contention is that anti-virus solutions were developed to
inoculate against widespread computer virus infections, but that today's
malware "is deployed to target specific individuals—CEOs, researchers,
politicians, executives—and not everyone's mom."
Because of this shift in focus and tactics by malware developers, older
methods for stopping threats like blocking blacklisted IPs and URLs
don't work anymore, according to the Imperva researcher.
"[I]n today's threat scape, where we consider attackers that are
specifically targeting a specific victim, they create a dedicated URL to
host the malware and use a dedicated IP address to send malicious mail,
easily overcoming blacklists," Rachwald wrote.
Imperva's research actually found that prominent anti-virus solutions
remained "very effective" at stopping widespread viruses—but were awful
at identifying new, targeted threats quickly and effectively.
Unfortunately, that distinction wasn't made very clear in Imperva's
original report. That likely generated some confusion about the correct
conclusions to reach from the Imperva study. It seemed to indict
anti-virus products as utterly useless against the "old threat model" of
casting a wide net with malware but ineffective against the newer
tactic of targeting individuals.
So what's the upshot? Well, there are a lot more moms out there than
CEOs. And there's still a lot of widespread malware. For most of us,
running some kind of anti-virus protection on our computers is still the
smart thing to do. And as Imperva notes, there's effective security
freeware out there so it's not always necessary to spring for it.
But for those folks who have reason to believe they could be targeted by
the new breed of malware, that off-the-shelf AV software probably isn't
providing adequate protection.
Source: http://www.pcmag.com
No comments:
Post a Comment