Filters and Antivirus Fail to Detect Malicious URLs
According to M86 Security (an IT security company), a large number of URL filters and antivirus products fail to identify numerous malicious URLs, exposing Web surfers to immense security risks.
The security company released a report titled "Closing the Vulnerability Windows in Today's Web Environment", according to which antivirus scanning accurately recognizes only 39% of all Web-based malware. That figure is unimpressive, but URL filters fare even worse: they identify only 3% of malicious URLs.
The company further states in its report that, among the 15,000 URLs scanned, 5,273 were not only missed by the scanners but labeled as genuine/legitimate. Moreover, 9,283 URLs weren't classified either way. This implies that they might or might not have been stopped by filtering systems, depending on how the filtering systems were designed.
Bradley Anstis, Vice-President of Technology, M86 Security, states that despite URL filters currently scanning over 22 million malware signatures (sevenfold higher than in 2004), websites continue to be unsafe. The prime reason is a rise in Web 2.0 threats and malware, as reported by The Industry Standard on March 3, 2010.
Moreover, M86 Security explains that the websites themselves were legitimate, but malware had hijacked them in such a way that reputation-based filters could not detect them. One limitation of filtering malicious URLs with reputation-based filters is that the filters presume it is safe to visit legitimate websites. Hence, it is important that the list of malicious sites be updated at regular intervals so that problematic websites are known in advance.
The report indicated that URL filters and static signatures alone couldn't defend end-users against prevalent threats like run-time generated malicious software, zero-day attacks, and malware pushed from legitimate websites.
Thus, the security experts stated that a third security layer could deliver effective results.
Anstis explained that, for maximum efficiency, all three approaches (antivirus scanning, URL filtering and code analysis) should be adopted together as best practice, as reported by SecurityProNews on March 2, 2010.
» SPAMfighter News - 10-03-2010