The recent Chinese hacking of the New York Times has raised the question of the efficacy of anti-virus and other security software used by corporations.
According to the NYT, the hackers had installed 45 pieces of custom malware over the preceding three months, of which only one was detected by Symantec. (See article)
Symantec has, however, said in its defense that the Times did not use the software properly. It said: “The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone is not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.”
This raises the question of what the default capabilities of endpoint security software are, and how much expertise clients need in order to use such software effectively.
In this connection, this comparative test of different products for home users is useful. The test is based on the most common default settings and is therefore of interest to the average user. Several products are compared on three specific parameters: the ability to identify threats, the ability to repair them, and usability.
While an anti-virus solution for home users has to be evaluated on its default configuration, without expecting much expertise from the user, Naavi.org is also trying to find out what informed buyers such as corporate customers expect from the security solutions they look for.
All said and done, the Chinese hacking of the NYT could also have been a targeted attack on the domain, which would be difficult for an average AV product to detect. There is, however, a possibility of detecting it at least once the malware starts exhibiting its behaviour; that is, if prevention fails, early detection should at least help. In the NYT case, Symantec seems to have failed to detect the malware for nearly 3 months. This delay needs to be pondered over.
Naavi
Also: PCworld review