Antivirus software 'is being defeated'

Summary: Even though 98 percent of companies used an antivirus product, 45 percent of them experienced a virus infection over the past year

According to the results of the AusCERT 2006 computer crime survey, even though 98 percent of companies used an antivirus product, almost half of them experienced a virus infection over the past year.

The survey, which was published at the start of this year's AusCERT 2006 conference on the Gold Coast, is further evidence that malware writers are targeting their attacks and testing their code to ensure it is undetectable by antivirus products before it is distributed.

According to the survey, 98 percent of respondents have deployed an antivirus application and yet 45 percent reported being infected by a virus or worm.

Graham Ingram, general manager of AusCERT, said that cybercriminals are making a "concerted effort" to defeat antivirus technology -- and they are being successful.

"Because there are criminal elements involved, this is a concerted effort to defeat the antivirus," Ingram told ZDNet Australia. "We have very strong evidence that the malicious code and Trojans we see are being tested to make sure they are not detectable on release ... they are there to try and take money, so the defeat of antivirus software is a significant factor".

Antivirus companies admit that certain malicious code is able to bypass their signature and heuristic-based technology.

Trend Micro Australia's Adam Biviano, who is a speaker at this year's conference, told ZDNet Australia that antivirus companies and malware authors have been playing catch-up with each other for some time.

"It is the chicken and egg game that we have always been playing," said Biviano, who admitted that more targeted attacks are making life difficult for antivirus vendors.

"More things are going undercover, into networks and into organisations without being known. So an outbreak is no longer an outbreak that will shut down your network. It is something that now goes in and captures keystrokes.

"We haven't seen a major outbreak for quite some time but the level of malware is still rising," he added.

Paul Ducklin, head of technology in Asia Pacific for Sophos, wasn't surprised by the survey results because of a variation on a mathematical proof devised by British mathematics genius Alan Turing more than 50 years ago.

"There exists a proof that you cannot have a perfect defence... it says 'you cannot write a program which will, in all circumstances, correctly determine the behaviour of another program'. You can get very, very close but it just can't be done," Ducklin told ZDNet Australia.

According to Ducklin, this is both good and bad news because although it means that antivirus applications will never be perfect, neither will a virus.

"You can't write a virus that will evade detection by all possible antivirus. So on one hand we will always lose but on the other hand we can always win. It is just a question of keeping the balance right.

"Most companies -- us included -- will always recommend that you have several baskets in which to place your eggs," added Ducklin.

Munir Kotadia travelled to the Gold Coast as a guest of AusCERT.

Topics: Security, Malware, AUSCERT

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Talkback

2 comments
  • The Top Blockers

    So other than the Russian software that blocks 90%, who are they recommending consumers buy to protect their computers?
    anonymous
  • Mac?

    I think the only way you're 100% then according to this article is if you purchase a computer from Apple. Even then you're not 100 percent safe.
    anonymous