Tried and trusted troubleshooter

Anti-malware software has played a vital role in securing laptops, smartphones and other portable technologies. Is it still fit for the task?

As business boundaries dissolve with the rise of remote working and mobile devices, there is an ever-greater focus on securing endpoints such as PCs, laptops, smartphones and tablet devices.

While there are many parts to endpoint security – from encryption to hardened operating systems – a key element has always been antimalware software. But is it still up to the job?

Anti-malware suites do a lot more than catch viruses and trojans. Many now offer anti-phishing, personal firewalls, data loss prevention, application whitelisting and more. But it’s the core task of stopping malware for which most people install this software.

David Harley, director of the Anti-Malware Testing Standards Organisation (AMTSO), points out that the anti-malware element of the software has evolved considerably.

“Products in general are a lot more proactive than they used to be with capabilities such as behaviour analysis, heuristics and so on,” he says. “Compared to the scanners of even 10 years ago, their effectiveness is of a higher magnitude.”

Of course, malware has evolved too, and Harley reckons that anti-malware software is doing well if it counters 50 per cent of the threats out there.

This is backed up by independent testing firm NSS Labs, which recently issued the results of its analysis of the top brands. It says the software missed 10-60 per cent of the evasions typically employed by cyber criminals. Software that might stop a threat from one source – say, the web – would miss it if it’s introduced via another vector, such as a USB stick. And only a few products address the problem of memory-only malware.

Dr Tim Watson, head of De Montfort University’s computer technology department, is even less optimistic.

“In some ways, installing anti-malware shows that a company is taking security seriously, but it’s a tick in the box. We know that 80 per cent of the stuff gets through.”

Why the clash between claims and reality? According to NSS Labs president Rick Moy, most anti-malware testing is not representative of threats on the internet and is “extremely biased. Most test labs have a narrow definition of what is malicious, and often share samples with vendors before the test,” he says. “In today’s world, it’s important that buyers scrutinise security products and test them like a hacker.”

So is there any point to anti-malware software? Well, yes. The fact is that a huge proportion of machines that get infected fall victim to flaws that have long since been patched and which anti-malware software is capable of detecting.

Installing the software might also be required in order to show due diligence and ensure regulatory compliance, and it will provide some protection through the additional features such as anti-phishing. But it’s not sufficient by itself.

There are other ways of improving endpoint security. The most basic is keeping software up to date, which many people fail to do – witness the way Microsoft is having to beg people to abandon the long-obsolete and still desperately vulnerable Internet Explorer 6.

“If you want your system to be secure,” says Watson, “and you want a quick win, the first thing you do is patch all the software that’s already there.”

Application whitelisting – where only approved software is allowed to run, such as Windows’ AppLocker feature – can help too, but requires careful configuration. However, even the best-configured, most hardened machine is still prey to user carelessness, and that’s where anti-malware provides a last-ditch defence.

“Organisations should still consider anti-virus as part of a layered defence,” says Moy. “Endpoint security is important to stop malware that users may be tricked, or socially engineered, into running.”

Indeed, increasingly it is people, not computers, who are the initial targets. “Threats today are more people-oriented,” says Harley, “social engineering attacks rather than technical attacks through the software. One of the big issues at the moment is Facebook survey spam, for instance.”

Ultimately, then, the best endpoint security is trained and savvy end-users guided by strictly enforced policies.