Antivirus programs: One is not enough

AnchorDesk

Antivirus programs: One is not enough

Wayne Rash
Contributor, Tech Update
Monday, August 12, 2002

Add your opinion

Forward in

Format for

Most press releases are self-serving, hype-ridden, mistargeted, and just plain useless. So when one arrives that's actually useful, it's a pleasant surprise, to say the least.

This happened to me last week when GFI Software in Malta sent a note stressing the importance of using multiple antivirus engines to screen e-mail that enters your enterprise from the outside world. In itself, that wasn't particularly surprising. GFI rarely sends out anything that's not useful, and in this case, the company was highlighting its MailSecurity product's ability to use multiple antivirus engines at the same time.

VIRUSES CONTINUE to be a major problem for most companies. In fact, they're getting worse. As e-mail use has grown, so have the number and the virulence of computer viruses. Yet, for most companies, the only defense against viruses is the antivirus software that resides on employees' desktop computers. You have to depend on employees to actually scan everything that comes into their computers, and thus on to your network. This is hardly a satisfactory solution.

Products such as GFI's MailSecurity offload much of the heavy lifting to an antivirus application that protects the e-mail gateway. GFI is not alone in this. There are other products, such as Novell's newly released NetMail, that support either of two engines, Symantec's Scan Engine (formerly known as CarrierScan) or McAfee NetShield. You can also use CA's InnoculateIT.

IF YOU HAVE ONLY ONE antivirus engine, you depend on that vendor to continually update its virus definitions and to be able to immediately identify virus-like or worm-like code when it arrives in an e-mail. Unfortunately, no antivirus engine has a perfect record. You're running a small but measurable risk.

"Every engine can have an off day," says GFI CEO Nick Galea. By using multiple engines, he says, you make the virus writer's job much more difficult. The same is true for hackers who try to slip a worm onto your network to gain access. "The chance is much smaller" that they could get past multiple engines, Galea says.

And that is the reason why GFI supports the use of up to three antivirus engines at the same time. The BitDefender and Norman antivirus engines, which are very popular in Europe, ship with MailSecurity. A third, from McAfee, is optional.

Galea thinks that running three engines can give an enterprise a virus catch rate of better than 99.9 percent. "You can go years between successful virus attacks this way," he says.

Of course, having great antivirus protection on your e-mail gateway doesn't mean you can abandon your other antivirus software. You still need to have an antivirus package on every workstation because some users will use disks of dubious origin, visit virus-laden Web sites, or do one of many other things that may put your network in jeopardy. But the single biggest pathway for viruses is still your e-mail. And you can protect that.

Does your company run more than one antivirus engine? TalkBack to me!

Special sponsor stores

Dell Home

Virtualization

How to Harness the "Cheap Computing" Revolution: Utility Computing.The Fundamental Shift in Data Center Economics Read the whitepaper on TechRepublic
Virtualize and Optimize Your IT Infrastructure It is not how much you invest, but the strategy behind your investments that optimize your IT infrastructure. View the on-demand webcast to learn more
From our sponsors
Server Virtualization
Deciding What You Need to Purchase What type of virtualization do you need? Click here to find out more