Thursday, February 21, 2008

The War is still on ...


You know I'm not talking about the wars against terrorism, AIDS, or drugs. This one is between antivirus vendors and virus writers. The latest in-the-wild malware uses sophisticated techniques to stay under the radar, and you as the end user will feel safe when your AV software shows the misleading pop-ups “No Virus Found” or “System is clean”, while the truth is that your system is damn infected with some “packed virus” or a “rootkit”. Why do I say this? Because today it happened to me: one computer was infected with the “Trojan.PWS.Onlinegames.BS” virus and the AV was totally fooling me.

What we should learn is not to believe in the “Silver Bullet” concept. It’s all about marketing people who always try to inject these ideas to convince customers to buy their stupid software. What we need is to keep a good distance between the end user and malware by enforcing the written policy and reviewing the results. Don’t depend on the desktop AV software alone; replace your old firewall with a good UTM appliance that has an AV module and make sure viruses stop there. Using different AVs to protect your network and your desktops is recommended, because vendors get their virus samples from multiple places, and the faster the better. Also, use Internet filtering solutions that can put a stop to users visiting malicious sites, or even prevent already infected machines from updating their virus files from the main servers.

In the end, make sure you install more lines of defense to keep the security balance in your network. Getting a book about defense-in-depth will be a good start.