Why is conventional antivirus alone not enough? Why is network protection also needed?

In the mid-1990s, viruses used network shares to spread within the corporate network. Pure worms that spread by using network shares or e-mail did not exist at the time. In the late 1990s, virus writers started to use e-mail as a spreading mechanism. In the early 2000s, writers of malicious code began expanding the capabilities of viruses and worms. These so-called hybrid worms or blended threats use multiple mechanisms to spread, combining traditional hacker techniques to find operating system or software vulnerabilities and adding malicious virus-like behavior to do damage and replicate.

Some of the latest network worms, such as Slammer, are not detected by conventional antivirus products, because they do not write anything onto the computer's hard drive. Since workstation-level antivirus products are designed to detect worms that write onto the hard drive, these new types of worms are not detected by any vendor's conventional antivirus solution. Some of the modern worms are also capable of downloading upgrades from the Internet, which means that network protection is also needed to stop them from spreading.

Why are firewalls and centrally managed application control needed?

Companies today have acknowledged the need for virus protection in e-mail servers and web traffic, since a majority of viruses spread via e-mail or the Internet. Virus writers have noted this as well and started to write worms that use other channels to bypass e-mail and Internet traffic protection. An example of this is a worm called Fizzer that spreads using Instant Messaging, peer-to-peer file sharing networks (e.g. Kazaa) and Internet Relay Chat (IRC). These channels can be blocked at the gateway-level firewall, but an IT administrator has no means to prevent employees from using these kinds of applications on corporate laptops outside office premises.
In most cases, file sharing applications are forbidden according to corporate security policies, but again, IT administrators lack the means to prevent their use. Spyware in peer-to-peer software increases the risk of spreading company-confidential documents to the Internet and opens ports to hackers and worms.

Why is a proactive desktop firewall needed?

One of the recent characteristics of worms is the increasing speed of infection. So far, the fastest spreading virus has been Slammer, which infected a large portion of the targeted hosts globally in 15 minutes and caused the entire Internet to slow down. Even though F-Secure has been the fastest antivirus vendor to provide detection for viruses, new extremely fast outbreaks cannot be stopped by using traditional signature-based virus detection alone. The proper protection can be provided by integrating the antivirus with a desktop firewall.

Author: Topi Hautanen, Product Marketing Manager