Antivirus software 'is being defeated'

Even though 98 percent of companies used an antivirus product, 45 percent of them experienced a virus infection over the past year
Written by Munir Kotadia, Contributor

According to the results of the AusCERT 2006 computer crime survey, even though 98 percent of companies used an antivirus product, almost half of them experienced a virus infection over the past year.

The survey, which was published at the start of this year's AusCERT 2006 conference on the Gold Coast, is further evidence that malware writers are targeting their attacks and testing their code to ensure it is undetectable by antivirus products before it is distributed.

According to the survey, 98 percent of respondents have deployed an antivirus application and yet 45 percent reported being infected by a virus or worm.

Graham Ingram, general manager of AusCERT, said that cybercriminals are making a "concerted effort" to defeat antivirus technology -- and they are being successful.

"Because there are criminal elements involved, this is a concerted effort to defeat the antivirus," Ingram told ZDNet Australia. "We have very strong evidence that the malicious code and Trojans we see are being tested to make sure they are not detectable on release ... they are there to try and take money, so the defeat of antivirus software is a significant factor".

Antivirus companies admit that certain malicious code is able to bypass their signature and heuristic-based technology.

Trend Micro Australia's Adam Biviano, who is a speaker at this year's conference, told ZDNet Australia that antivirus companies and malware authors have been playing catch-up with each other for some time.

"It is the chicken and egg game that we have always been playing," said Biviano, who admitted that more targeted attacks are making life difficult for antivirus vendors.

"More things are going undercover, into networks and into organisations without being known. So an outbreak is no longer an outbreak that will shut down your network. It is something that now goes in and captures keystrokes.

"We haven't seen a major outbreak for quite some time but the level of malware is still rising," he added.

Paul Ducklin, head of technology in Asia Pacific for Sophos, wasn't surprised by the survey results because of a variation on a mathematical proof devised by British mathematics genius Alan Turing more than 50 years ago.

"There exists a proof that you cannot have a perfect defence... it says 'you cannot write a program which will, in all circumstances, correctly determine the behaviour of another program'. You can get very, very close but it just can't be done," Ducklin told ZDNet Australia.

According to Ducklin, this is both good and bad news because although it means that antivirus applications will never be perfect, neither will a virus.

"You can't write a virus that will evade detection by all possible antivirus. So on one hand we will always lose but on the other hand we can always win. It is just a question of keeping the balance right.

"Most companies -- us included -- will always recommend that you have several baskets in which to place your eggs," added Ducklin.

Munir Kotadia travelled to the Gold Coast as a guest of AusCERT.
