ISSE 2009: Existing anti-virus software is not good enough

Moderator Norbert Pohlmann, professor at the Institute for Internet Security, University of Applied Sciences Gelsenkirchen, Germany, started the session by outlining some of the challenges anti-virus and anti-malware vendors will face in the next year.

The anti-virus and malware challenges are due to a plethora of reasons, some of which were identified as:

  • Software errors in the code base
  • Complex upgrades and updates
  • An increasing volume of new malware, up 500% from 2007 to 2008, alongside an increase in professional crime
  • Malware is the basis for botnets, and botnets produce spam, distributed denial of service (DDoS) attacks and well-directed espionage
  • Malware detection rates are up to 99%, which is not secure enough

Pohlmann then handed over to the panel discussing The Malware Challenge in the Next Year, which consisted of Felix Freiling, professor at the Laboratory for Dependable Distributed Systems at the University Mannheim; Rolf Strehle, CISO at manufacturing firm Voith AG; Ronny Bjones, security strategist at Microsoft EMEA; Marius van Oers, research scientist at McAfee; and Chris Bender, security product manager at BlackBerry’s Research in Motion.

Freiling said that malware is becoming hard to detect for anti-virus programmes due to encryption, virtual machines, its increasingly targeted nature, etc. Furthermore, malware is becoming more and more powerful.

He added that the problems facing those fighting malware are the quality of software, the fact that “users don’t care”, and that “anti-virus products are not good enough”.

Strehle agreed with Freiling, saying that Voith ended up building its own security infrastructure, which, amongst other things, monitors abnormalities in the systems. He said Voith had to build its own system because two or three years ago there was nothing on the commercial market in terms of full IT security systems that fitted the needs of Voith.

Microsoft’s Bjones pointed out that writing anti-virus and anti-malware software is nowhere near as ‘fashionable’ as creating viruses and malware: “Black hats are more fashionable than white hats”, he told the ISSE 2009 audience.

He also pointed out a problem in the anti-virus and anti-malware industry – namely that the developers are testing their own systems – and that “this has to change” as people do not always spot their own mistakes or issues they have overlooked.

Furthermore, virus and malware attacks used to be based on statistics – i.e. malware writers tried to hit as many as possible. The trend is now changing, and Bjones said Microsoft is now seeing more and more targeted malware and virus attacks.

One of the solutions to the increasing threat of malware favoured by Microsoft is to give free anti-virus and firewalls to users. Microsoft has already launched its own free anti-virus and security package for consumers.

Bender from BlackBerry said: “Anti-virus is not perfect – not terrible, but not perfect.”

He asked anti-virus vendors and developers whether it would be possible to reverse the strategy of anti-virus and have it look for safe software rather than malware.

Van Oers from McAfee also agreed that ‘traditional’ anti-virus “is not perfect” and that the anti-virus industry “must find ways of detecting malware sooner”.

He said one approach would be to combine anti-virus, cloud scanning, behavioural protection and white listing in one way or another, taking the best of all anti-virus and anti-malware technologies.

Will the malware situation get better or worse next year?

The panel was challenged by Pohlmann to give their answers in one word:

  • Freiling: Better
  • Strehle: Worse
  • Bjones: Security better, situation worse
  • Bender: Security better, situation worse
  • Van Oers: Better – get better at handling the situation

