|
|||||||||||||
Opinion: An open letter to antivirus software companies
[ by Chris Mosby, Contributor, myITforum.com ]
As many are aware, there was an outbreak of not just one, but three globally spreading variants of the Bagle worm last month. That was followed by a couple of new Mydoom spin-offs last week. Now that the smoke has cleared, and security professionals have had time to reflect on these events, I want to let you in on a little secret: The virus name game has gotten out of hand. Sometime during the Bagle-Netsky war earlier this year, virus variant names assigned by antivirus software companies got out of synch. We can understand how that could have happened. There were multiple versions of those viruses coming out every day, with virus writers trying to outdo each other in some childish game of hacker supremacy. At the same time, IT people were dealing with the waves of malware as fast as they could. When the "virus war" slowed down with the arrest of the author of Netsky, virus variant names stayed out of synch. Customers were able to "deal with it," as the new viruses trickled in at their normal pace by working together as a community via the Internet Storm Center, Secunia's Virus Information page, VGrep Online and MyITforum's
Security message boards and AntiVirus e-mail list.
This last Bagle virus outbreak reminded us what a mess we are in. Since some companies have adopted an isolationist attitude and don't usually share information with other antivirus software companies, customers were confused as to exactly what they were dealing with.
While the new Bagle variants were spreading like wildfire, some companies acknowledged the variants existed, but they didn't know what these variants did or what they should look for. This did not change even after the companies raised the threat level of these viruses.
Other companies provided more detail, but did not match the threat level of other companies since they received a low number of submissions from their customers. Their virus variant names were different from other companies, so some customers were left in the dark.
Still other companies had only one or two of these variants listed, with various degrees of detail -- again completely different variant names than other companies, since that was all their customers had submitted to them. This left some customers in the dark again. For customers who use more than one company's antivirus product -- and I know there are plenty out there -- that left them with an even bigger mess than just the virus outbreak.
With all of this going on, customers dealt with it as they usually do, working together as community. We sorted through all the information that trickled down to us. As usual, we got through it, with some of us showing a few more gray hairs.
I think I can speak for everyone in the security community when I say "dealing with it" is not acceptable anymore. As customers, we should not have to work so hard to figure out which products keep us protected.
We know antivirus software companies can do better, and we challenge them to do so. With the increasing problem of spyware, spam and patch management, we have enough to deal with.
However things are fixed might not matter, as long as something is done before things get worse. Companies should work together as a community of security professionals and help out customers at the same time. With Microsoft expected to enter the antivirus software business, companies should determine how to accomplish this and keep customers better informed about how they are protected.
This article first appeared in myITforum, the premier online destination for IT professionals responsible for managing their corporations' Microsoft Windows systems. The centerpiece of myITforum.com is a collection of member forums where IT professionals actively exchange technical tips, share their expertise, and download utilities that help them better manage their Windows environments, specifically Microsoft Systems Management Server (SMS). It is part of the TechTarget network of Web
sites. To register for the site and sign up for the myITforum daily newsletter, click here
Chris Mosby works as the SMS administrator for a large regional bank in Tupelo, Mich. He was a beta tester for the current version of SMS Installer for Microsoft and has obtained his Symantec Product Specialist Certification in Norton AntiVirus Corporate Edition 7.5/7.6. He is the co-author of Configuring Symantec AntiVirus Corporate Edition.
|
|
|
|||||||||||||||||||||||||||
|
This e-newsletter is published by TechTarget, the most targeted IT media and events company. Copyright 2004 TechTarget. All rights reserved. To unsubscribe from "Windows in the Enterprise: Best of myITforum": Go to unsubscribe: http://searchTechTarget.techtarget.com/u?cid=497413&lid=430805&track=NL-36 Please note, unsubscribe requests may take up to 24 hours to process; you may receive additional mailings during that time. A confirmation e-mail will be sent when your request has been successfully processed.
Contact Us: |
||||
