Why one virus engine is not enough
Multiple virus engines are needed to reduce time lag between virus outbreak and signature update - by GFI Software
There is no single anti-virus engine on the market today that is always the fastest and most effective at identifying viruses, trojans and other threats. This white paper examines why having multiple anti-virus scanners at mail server level substantially reduces the chance of virus infection and explores ways in which this can be achieved.
It is a well-known fact that viruses, trojan horses, worms, spam, and other forms of malware present a real threat to all modern-day organizations and affect productivity and business operations negatively. According to the 2006 FBI Crime and Security Survey, 97% of organizations have anti-virus software installed, yet 65% have been affected by a virus attack at least once during the previous 12 months. Network World cited studies that placed the cost of fighting Blaster, SoBig.F, Sober and other email viruses at $3.5 billion for US companies alone. Similarly, a 2006 study by the British government found that 43% of companies in the United Kingdom were infected by viruses during 2005.
Responsible organizations agree that they need to protect their network from virus attacks by installing an email security product. Yet malicious code grows more sophisticated every day as virus writers hone their skills and sharpen their code to stay one step ahead of virus detection methods, penetrating anti-virus and firewall solutions with alarming regularity. The success of these viruses is, in large part, linked to the flawed logic and inherent weakness of protection strategies that rely on a single scanning engine to assess the threat of incoming files.
This white paper explains why the answer to the question “Is one anti-virus engine enough to protect the internal network from mass-mailing viruses, worms and other email-borne threats?” is an emphatic “NO!” It also examines the need for multiple anti-virus engines to reduce the average response time to a virus outbreak, and thus reduce the chance of having your network infected. The use of multiple virus engines also lets security administrators remain vendor-independent when it comes to virus scanning, and thus use the best-of-breed virus engines available on the market.
The need to have a fast response time
One of the most important factors in the successful protection of your network against viruses is how fast you get new virus engine signature files – those files released by anti-virus labs that help to identify a virus when there is a virus outbreak. Email allows viruses to be spread at lightning speed in a matter of hours, and a single email virus is enough to infect your whole network.
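The response-time argument above can be put in numbers. The following is an added example, not part of the GFI white paper: the engine names and lag figures are constructed, and it assumes the mail gateway blocks a message as soon as any one of its engines flags it.

```python
from statistics import mean

# Constructed sample data: hours from outbreak start until each hypothetical
# engine shipped a signature. None of these figures come from the white paper.
SIGNATURE_LAG_HOURS = {
    "outbreak_1": {"engine_a": 4.0, "engine_b": 11.0, "engine_c": 7.5},
    "outbreak_2": {"engine_a": 14.0, "engine_b": 3.0, "engine_c": 9.0},
    "outbreak_3": {"engine_a": 6.0, "engine_b": 8.0, "engine_c": 2.5},
    "outbreak_4": {"engine_a": 10.0, "engine_b": 5.5, "engine_c": 12.0},
}


def exposure_window(lags, engines):
    """Hours the gateway cannot detect one outbreak.

    Assumed policy: block when ANY listed engine flags the message, so the
    window closes when the first of those engines has a signature.
    """
    return min(lags[name] for name in engines)


def mean_exposure(engines, data=SIGNATURE_LAG_HOURS):
    """Average exposure window across all outbreaks for a set of engines."""
    return mean(exposure_window(lags, engines) for lags in data.values())


def fastest_counts(data=SIGNATURE_LAG_HOURS):
    """How many outbreaks each engine was the first to cover."""
    counts = {}
    for lags in data.values():
        winner = min(lags, key=lags.get)
        counts[winner] = counts.get(winner, 0) + 1
    return counts


def passes_unblocked(arrival_hour, lags, engines):
    """True if an infected message arriving at this hour is not yet detectable."""
    return arrival_hour < exposure_window(lags, engines)


if __name__ == "__main__":
    for combo in (["engine_a"], ["engine_b"], ["engine_c"],
                  ["engine_a", "engine_b"], ["engine_a", "engine_b", "engine_c"]):
        print(f"{'+'.join(combo):28s} mean exposure {mean_exposure(combo):.3f} h")
    print("first to cover:", fastest_counts())
```

In this constructed data set no engine is fastest every time, so the combined window is shorter than that of the best single engine; the model ignores scanning cost and false positives.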
Multiple Scan Engines
This article brings to mind Microsoft's Forefront product. The New Jersey company they acquired to add to their security product permitted you to run multiple scan engines to protect the Exchange server. A number of security appliances have multiple scan engines. Several years ago, Trend Micro had the "named" scan engine in a 3rd party appliance and Kaspersky's scan engine was so far under the head that it did not appear on data sheets.
An issue not really addressed in the article - do you run the engines in parallel? Does everything get tested by both? Is the testing random between the two (or more engines) with an equal or unequal weighting? Microsoft's acquisition (I haven't looked what Microsoft does with respect to this) permitted you to tweak the percentages.
And of course - what is the effect of multiple scan engines on performance?