Craig Elliott, chief executive officer of Pertino, a cloud-networking start-up, knows that the antivirus software his company uses won't deter all hacking attacks. That won't stop him from using it. "It's a safety blanket," he says. "It's CYA [cover your ass] more than anything else."
That's why the antivirus industry, born in the late 1980s to combat floppy-disk viruses, has staying power, even in this era of sophisticated hacks from China and elsewhere. Although the word virus generally applies to all manner of computer attacks, data security pros no longer just worry about old-style viruses — programmes or pieces of code that replicate and spread from computer to computer, degrading their performance.
The new threat: advanced forms of malicious software, or malware, such as online banking password-stealers and military-grade spying software. Recent incidents like the attack on the New York Times by Chinese hackers, which antivirus software failed to stop, illustrate the challenge facing industry leaders such as Symantec and McAfee.
A weakness of antivirus software is that it's designed to zero in on so called signatures, or identifiable patterns in code. When an antivirus company finds a piece of malicious software, it adds a signature to its database, which is included in software upgrades sent to users. The approach was effective until more sophisticated malware arrived on the scene in the early 2000s. Now identifying a piece of attack software after the fact has limited value because the most advanced malware is custom-built for specific attacks—and never used again.
Today's hackers prefer to infiltrate networks via e-mail and social media, making attacks harder to detect. The Times attack is thought to have begun with infected e-mails sent to employees. After the Times disclosed that Symantec software failed to identify the malware used in the breach, the Mountain View-based company issued a statement saying that antivirus protection alone is not enough to thwart advanced attacks.
Symantec and Santa Clara-based McAfee are upgrading their security software to keep pace with hackers, such as adding blocking features that crunch traffic data to determine whether an unknown e-mail attachment or website is trustworthy.
"The industry will likely change pretty dramatically," says Francis deSouza, Symantec's president of products and services. "We're seeing more malware than we've ever seen before, and we're seeing more custom malware than we've ever seen before. Those trends have profound implications for the antivirus industry." Michael Fey, CTO, McAfee, which is owned by Intel, says "one product is not a silver bullet."
No comments:
Post a Comment