Anti-virus software: Fighting a losing battle?
May 28 2008
Anti-virus software has been a pillar of corporate defences against external malicious attack for over two decades. But it is an increasingly shaky-looking one: the onslaught of viruses, which are increasing at an exponential rate, threatens to overwhelm the anti-virus (AV) vendors’ ability to stay in the game.
Nowhere is this more evident than in the cold, hard figures. In December 2007, Russian anti-virus specialist Kaspersky Lab revealed that its analysts are now processing in excess of 1.5 million malware samples every year. By 2008, the company expects that figure to top 2 million. Kaspersky is seeing at least five malware samples emerge on the Internet every two minutes and 15 to 20 new Trojans released every half an hour.
Other AV vendors are reporting similar growth. In 2007, the number of malware variants tracked by security specialists McAfee and F-Secure nearly doubled.
Criminal networks
Dig a little deeper and it becomes evident that such technical innovations are underpinned by the emergence of sophisticated criminal-to-criminal distribution networks. “There is no one group that does everything,” explains Yury Mashevsky, a senior virus analyst at Kaspersky. Many criminals do not distribute malware directly but trade in it instead, he says.
According to Kaspersky Lab’s investigations, there are advanced virus writers who sell their code on to clients. For example, the Trojan that infamously allowed fraudsters to steal SEK8 million (£575,000) from Swedish bank Nordea’s account-holders in January 2007 is believed to have been custom-written on a contract basis.
Other gangs sell vulnerabilities in online auctions, like a malware version of eBay; some prefer to rent out their network of millions of compromised computers.
Rock and a hard place
Meanwhile, as the virus writers continue to scale up their operations with minimum cost, the AV industry becomes ever more constrained – in terms of both financial and human resources. To an extent, malware analysis can be automated at the low end, but it remains a predominantly manual and highly skilled task. Throwing more bodies at the problem is not a sustainable long-term strategy. As such, says Day, the AV vendors will have to learn to “work smarter rather than harder”.
But Professor John Walker, formerly the chief security officer at Experian and now director of research consultancy Secure Bastion, suggests that recent developments in the virus-writing landscape underline a truism that has, for too long, been wilfully obscured by the security industry: “The virus writers are now so good at beating the AV products that the game is falling to the side of the criminals.”
If this declaration seems gloomy, the virus analysts themselves are no more positive. Even Roel Schouwenberg, a senior technical consultant at Kaspersky, conscious of the inequality of the virus writer and vendor relationship, and frustrated by the poor capture and conviction rates of cyber criminals, is willing to voice an uncomfortable conclusion: “It doesn’t look like we’re on the winning side.”