Seven Steps to Hinder Hackers: Antivirus Just Isn't Enough


Employees should always use long, random passwords to access corporate resources or cloud services. Since these passwords are impossible to remember, it's sensible to use a password manager application which can generate long passwords, store them in an encrypted database, and enter them when appropriate after the user has supplied a single master password. An added benefit of using a password manager is that it provides an element of protection against phishing sites. That's because a password manager will automatically enter the correct password for a given intranet or Internet site, but will spot when a user attempts to access a replica phishing site at a false URL.
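The two behaviours described above, random password generation and refusing to fill credentials on a look-alike URL, sketched as an added example that is not taken from any particular password manager. The `Vault` class, the exact-origin matching rule and the `example.com` / `.test` hosts are assumptions made for illustration.

```python
import secrets
import string
from urllib.parse import urlsplit

ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=24):
    """Return a random password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def origin(url):
    """Normalise a URL to (scheme, host, port); None if unusable."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None  # never fill credentials over plain HTTP
    try:
        port = parts.port or 443
    except ValueError:  # malformed or out-of-range port
        return None
    return (parts.scheme, parts.hostname.rstrip("."), port)

class Vault:
    """Hypothetical in-memory vault keyed by exact origin (assumption)."""

    def __init__(self):
        self._entries = {}

    def save(self, url, username):
        key = origin(url)
        if key is None:
            raise ValueError("refusing to store credentials for " + url)
        password = generate_password()
        self._entries[key] = (username, password)
        return password

    def autofill(self, url):
        """Return stored credentials only when the origin matches exactly."""
        return self._entries.get(origin(url))

# Constructed sample: one saved intranet login.
vault = Vault()
saved = vault.save("https://intranet.example.com/login", "alice")
```

Because the lookup key is the parsed host rather than the text the user sees, a host that merely contains or resembles the saved name gets no credentials, which is the cue that the page is not the real site.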

When hackers broke into the New York Times' network, evaded its antivirus software and began plundering its computer systems, it highlighted a rather uncomfortable truth: Antivirus software is not that good at keeping systems secure.

That means that any company that relies on an antivirus package to secure its endpoints is exposing itself to a huge security risk. "To some extent the problem is the fault of the security industry who have been selling these products," says Graham Cluley, a senior technical consultant at antivirus vendor Sophos.

Antivirus Weaknesses

Antivirus products don't have magic powers; you still have to worry about security. While antivirus software is good at spotting known malware by matching its digital signatures against a signature database, the kind of sophisticated hackers believed to have masterminded the New York Times attack would likely write new exploit code that no antivirus product has ever seen before.

And it appears -- though this is not certain -- that the New York Times was relying on the signature matching protection of Symantec's antivirus product to maintain the security of its systems. After the attack was publicized, Symantec said in a statement: "Turning on only the signature-based antivirus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Antivirus software alone is not enough."

Most antivirus products -- including Symantec's -- go beyond signature-based protection by offering generic protection against malware types that are similar to specimens that have been seen before, and by offering behavioral protection which detects when software demonstrates suspicious behavior such as changing certain registry settings or causing a buffer overflow.

But this more sophisticated antivirus protection is also not sufficient. Here's why: In a nutshell, whether or not a given antivirus product will detect a piece of malware is entirely predictable.

All a hacker has to do when designing a piece of malware is run it on a computer with that antivirus product to see if it will be detected. If it is, then the hacker can modify the code until the antivirus software no longer detects it.

So what should a company do to protect its endpoints? The answer, according to Paul Rubens, writing for eSecurity Planet, is to deploy several layers of security measures to reduce the risk of compromise. Some of these are included in security "suites" sold by antivirus software vendors in addition to their core antivirus products.

A determined group of skilled hackers sponsored by a foreign state such as China will likely be capable of penetrating any defenses that you put in place, given enough time and resources. But that doesn't mean there is no point in bothering with anything more than the most rudimentary signature-based antivirus protection. "By applying these layers of security, what we can do is reduce the risk that a system is compromised," Cluley says.

 
