Anti-virus Software Is Just Not Going to Cut It


Viruses and malware always seem to be in the trade press headlines, but in many ways they have become the IT equivalent of death and taxes: you know they are coming, you prepare as best you can, and after that things feel as if they are out of your hands.


Our Mike Vizard wrote this week that a sense of complacency has set in when it comes to dealing with malware. Standard signature-based anti-virus products simply cannot stop brand-new, zero-day attacks: by definition the vendors have not yet seen the sample, so no signature for it exists in their databases. A broader approach to malware defense, one that adds monitoring for intrusions and anomalous activity on the network, is needed to spot and respond to infections quickly, and the volume of malware continues to rise.


Here in the IT Downloads library, we have several tools and resources to help you safeguard your network against malware and viruses - and other things that go bump in the cyber night. These tools are all free to download for IT Business Edge members.


Guide to Malware Incident Prevention and Handling (Special Publication 800-83), from the National Institute of Standards and Technology, offers more than 100 pages of strategy and in-depth tactics on keeping bad stuff off your network. As you might expect, NIST treats preparation as the key to mitigating the risks of malware attacks. Among other preparations, your team should have a specific, written response plan ready for the day a virus does make its way onto your systems.


The document also goes into some depth on the differences between interpreted viruses and compiled viruses and on the ways malware hides from scanners, such as polymorphism and armoring. After walking through the steps for hardening your network defenses, the report discusses intrusion prevention systems (IPS), currently your best bet for catching the odd network activity that is often the first sign that something has been infected.


Malware Threats and Mitigation Strategies, a 10-page report from US-CERT, can serve as a solid checklist for anyone who wants to self-audit their malware defenses. In addition to some general housekeeping advice (if you still let anybody plug a thumb drive into your systems without forcing a scan, an infection is only a matter of time), the report suggests that network admins routinely monitor for suspicious activity.


Firewall, DNS server and proxy server logs should be scanned for anomalies like:


  • Outbound SMTP connection attempts from anything other than your SMTP mail gateways
  • Excessive or unusual scanning on TCP and UDP ports 135-139 and 445
  • Outbound connection attempts on IRC ports, or on any other ports that are unusual for your environment
  • Excessive DNS queries from internal systems to the same host name, and queries for known "non-existent" host names
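To show what those checks look like when actually run against logs, here is an added example in Python (it is not code from the US-CERT report or from this post). The firewall and DNS log formats, the addresses, the list of mail gateways, the set of ports considered normal for egress, and every threshold are assumptions made for the demonstration; a real deployment would take them from its own environment.

```python
"""Added example (not from the US-CERT report or this post): flag the log
anomalies listed above in constructed firewall and DNS resolver log lines.
Log formats, addresses, the mail-gateway list, the allowed egress ports and
all thresholds are assumptions made for the demonstration.
"""
import re
from collections import Counter, defaultdict

# Assumed environment (illustrative only).
MAIL_GATEWAYS = {"10.0.0.25"}             # the only hosts allowed to send SMTP outbound
ALLOWED_EGRESS_PORTS = {25, 53, 80, 443}  # what outbound traffic normally looks like here
IRC_PORTS = {6667}
SMB_NETBIOS_PORTS = {135, 136, 137, 138, 139, 445}
SCAN_THRESHOLD = 5        # distinct hosts probed on SMB/NetBIOS ports by one source
DNS_REPEAT_THRESHOLD = 5  # identical (client, name) lookups
NXDOMAIN_THRESHOLD = 3    # NXDOMAIN answers per client

# Constructed log formats (assumed; one record per line).
FW_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+) dir=(\w+)")
DNS_RE = re.compile(r"src=(\S+) qname=(\S+) rcode=(\w+)")


def parse_firewall(lines):
    """Yield one dict per line matching FW_RE; lines in other formats are skipped."""
    for line in lines:
        m = FW_RE.search(line)
        if m:
            src, dst, proto, dport, direction = m.groups()
            yield {"src": src, "dst": dst, "proto": proto,
                   "dport": int(dport), "dir": direction}


def parse_dns(lines):
    """Yield one dict per line matching DNS_RE; names are lower-cased for counting."""
    for line in lines:
        m = DNS_RE.search(line)
        if m:
            src, qname, rcode = m.groups()
            yield {"src": src, "qname": qname.lower(), "rcode": rcode}


def firewall_findings(lines):
    """Apply the three firewall/proxy checks from the list above."""
    smtp_offenders, odd_egress = set(), set()
    smb_targets = defaultdict(set)  # source -> distinct hosts it touched on SMB/NetBIOS ports
    for r in parse_firewall(lines):
        outbound = r["dir"] == "out"
        if outbound and r["dport"] == 25 and r["src"] not in MAIL_GATEWAYS:
            smtp_offenders.add(r["src"])
        if outbound and (r["dport"] in IRC_PORTS or r["dport"] not in ALLOWED_EGRESS_PORTS):
            odd_egress.add((r["src"], r["dport"]))
        if r["dport"] in SMB_NETBIOS_PORTS:
            smb_targets[r["src"]].add(r["dst"])
    return {
        "smtp_from_non_gateway": sorted(smtp_offenders),
        "unusual_egress_port": sorted(odd_egress),
        "smb_netbios_scan": {s: len(t) for s, t in smb_targets.items()
                             if len(t) >= SCAN_THRESHOLD},
    }


def dns_findings(lines):
    """Apply the two DNS checks: repeated lookups of one name, and NXDOMAIN bursts."""
    repeats, nxdomain = Counter(), Counter()
    for r in parse_dns(lines):
        repeats[(r["src"], r["qname"])] += 1
        if r["rcode"] == "NXDOMAIN":
            nxdomain[r["src"]] += 1
    return {
        "repeated_query": {k: v for k, v in repeats.items() if v >= DNS_REPEAT_THRESHOLD},
        "nxdomain_burst": {k: v for k, v in nxdomain.items() if v >= NXDOMAIN_THRESHOLD},
    }


# Constructed sample logs: 10.0.1.17 plays an infected workstation.
FIREWALL_LOG = [
    "ACCEPT src=10.0.0.25 dst=203.0.113.9 proto=tcp dport=25 dir=out",      # mail gateway, fine
    "ACCEPT src=10.0.2.8 dst=192.0.2.10 proto=tcp dport=443 dir=out",       # normal browsing
    "DROP src=10.0.1.17 dst=198.51.100.4 proto=tcp dport=25 dir=out",       # workstation spamming
    "DROP src=10.0.1.17 dst=198.51.100.5 proto=tcp dport=25 dir=out",
    "ACCEPT src=10.0.1.17 dst=198.51.100.77 proto=tcp dport=6667 dir=out",  # IRC command channel
] + [f"ACCEPT src=10.0.1.17 dst=10.0.1.{n} proto=tcp dport=445 dir=int"
     for n in range(20, 26)]                                                # probing six neighbours

DNS_LOG = (
    ["src=10.0.2.8 qname=www.example.com rcode=NOERROR"] * 2
    + ["src=10.0.1.17 qname=c2.example.net rcode=NOERROR"] * 6
    + ["src=10.0.1.17 qname=kq3x.example.net rcode=NXDOMAIN",
       "src=10.0.1.17 qname=zz9p.example.net rcode=NXDOMAIN",
       "src=10.0.1.17 qname=a1b2.example.net rcode=NXDOMAIN"]
)

if __name__ == "__main__":
    for name, result in (("firewall", firewall_findings(FIREWALL_LOG)),
                         ("dns", dns_findings(DNS_LOG))):
        for check, hits in result.items():
            print(f"{name}:{check}: {hits}")
```

Every check is a count or a set membership over fields the firewall and resolver already log, which is the point: none of this needs a signature for the malware involved. The thresholds are the part that needs tuning per environment; set them too low and the report is noise, too high and a slow scan slips under them, so start by running the script over a normal day's logs and see what it flags before trusting it on a bad one.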


None of this is a magic, all-in-one solution to fighting malware. But then again, there is no such thing.

Aug 29, 2011 3:13 AM Ryan Ryan says:

Taking that extra step to make sure you are protected online is vital, especially nowadays. You're right, Ken, trying to stay up to date just isn't really possible with everything that is out there. You made some really good points here, but sometimes people just forget or don't think this includes them. Actually, having a checklist as you have stated can really help with the protection of your computer, server, or any other thing you could be using or working on. This checklist should include your helpful tips and even be broken down into scheduled routines. It would be great if someday there was an 'all-in-one solution', but until then your advice will get us through, thanks.

