Five reasons you need a new approach to antivirus security

"I fix people's computer problems for a living," says Jason Bradley, CEO of CCE Computer Solutions in Oxford, Miss., who estimates he handles about 400 computers. "For the last year, the scanning antivirus programs have been just about useless. They just can't keep up with the threats. I had a machine that had 132 pieces of malware on it and it had antivirus and antispyware running."

Worse, he recently discovered rootkits on network servers at the University of Georgia, which had downloaded several gigabytes of pornography through the alternative data stream (ADS). Norton Corporate Edition was on each of those servers, but it could not detect the rootkits because they boot on the zero ring, before the antivirus application loads and tell the operating system to report everything is normal. And "because nothing watches the ADS, it didn't catch the downloads," Bradley says. "I ran Do It Right Microsoft on them and found huge files that shouldn't be there. I went to the command line, and four levels down found these gigabyte files of anime porn."

The problem, he says, is that malware has morphed into something much more insidious in the last few years. He lists five important characteristics of today's threat that makes it much harder for the traditional antivirus/antispyware to keep up: The professional-level tools are not user-friendly and confuse users with questions like: Do you want to let this program to write to the registry? "How does grandma know what the registry is?" he asks. Five reasons you need a new approach to antivirus security

Linked by shanmuga Saturday, 26th August 2006 3:26AM