AVs Failed to Adapt to the Changing Threat Landscape
Recent testing by NSS Labs, a security firm, disclosed some appalling results: seven antivirus products were evaluated weeks after the Google attack was unearthed, and only one, McAfee, successfully blocked both the original attack and the new variant. The results are worse still for AVG, whose solution failed to stop even the original attack code.
Hackers attacked Google in December 2009, exploiting a zero-day vulnerability in Internet Explorer to distribute malware on hacked systems.
Given the visibility of the attack and the time that has passed since it was first identified, NSS Labs stated that it had believed most of the products would successfully cover the vulnerability. But just one of the seven tested products effectively thwarted scores of exploits and payloads.
Further, the security experts said that hackers now need to discover only a single vulnerability to drop their malicious software on a target network. Once they have penetrated the system, they can steal data, break into the systems, and then move the data offshore.
Alex Stamos, a partner with iSEC Partners, one of the companies investigating the APT attacks, stated that conventional security products cannot help much against APTs (Advanced Persistent Threats). He also said that almost all the victims had antivirus installed on their systems, along with intrusion detection systems and Web proxies that scan content, according to news published by ComputerWorld on March 11, 2010.
Furthermore, a large number of security experts now admit that patches, intrusion detection systems and updated antivirus are not sufficient to protect firms from the present day's worst cyber threats.
Therefore, to solve the problem, the security experts said that new systems are required to detect malware. Cloud-based security and various whitelisting approaches may or may not lead to a clear solution to this grave issue, but operating system and client software vendors will have to make extra efforts. They must begin developing more secure code to combat these hackers and their dangerous schemes.
» SPAMfighter News - 22-03-2010