Managing the Virus Threat
Like any good security manager, Phill Bakker can't be too careful. As senior security architect at eHealthDirect Inc., a Lexington, Mass.-based health care application service provider, he's responsible for safeguarding sensitive health care claims data. Like many security professionals, he uses antivirus products from several vendors to be sure he always gets the latest virus patches and descriptions.
His problem, though, is making sure all of the updates from all of the vendors are distributed at the right time to the more than 150 workstations and approximately 50 servers on his network. He and one staff member must do much of that work manually, which chews up time and can lead to errors. "There are a dozen or more companies manufacturing antivirus-type products. It would be really nice to see all of those companies get together and have a common console" to help manage the update process, says Bakker.
But until antivirus vendors release such a tool, security administrators must rely on a hodgepodge of update tools, manual procedures and a "defense in depth" strategy that extends scanning to servers, such as those that handle e-mail, in hopes of catching viruses before they hit the desktop.
Most antivirus tools today work by scanning for specific known viruses, looking for "signatures" such as particular file names or certain types of e-mail attachments. But with as many as a dozen major vendors issuing regular signature updates, keeping hundreds of desktops and servers up-to-date can be more work than busy support staffs can handle. And some antivirus products also require updates for the engine that scans for viruses.
Jesper Johansson, an assistant professor of information systems at Boston University, cites one major company, which he declined to identify, whose PCs' virus lists haven't been updated since the machines were deployed 18 months ago.
According to John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc., "At Gartner, we're declaring signature-based antiviral [protection] at the desktop to be dead. It's providing near-zero value today, mainly because of the lag in updating the signatures."
Updating is easier on servers because there are fewer of them than there are desktops or notebooks, and servers spend more time linked to the Web, where they can capture virus updates distributed by vendors. But security managers must still make sure every system has the proper updates to protect their companies from hackers.
Sean Mahon, manager of security at an East Coast financial services firm, estimates that he's able to keep 97% of his Windows-based systems up-to-date with the latest virus definitions from Symantec Corp. in Cupertino, Calif. "I want to bring it up to 99.9999%," he says, adding that he wants to automate the update process to stop virus attacks more quickly.
Rising Threat
The need for up-to-date virus protection is greater than ever before, say security managers and analysts, because of the increasing importance of e-commerce and e-mail, which expose corporate systems to more hackers.
Some newer viruses can