IT Pros Question Effectiveness of Anti-Malware

By Matthew Hines  |  Posted 2009-09-09

A newly published survey of IT professionals employed across a range of different vertical markets finds that the workers are becoming increasingly worried about malware while losing confidence in traditional security defenses.

Conducted by Dimensional Research on behalf of CoreTrace, which specializes in application whitelisting (one of the newer breeds of security systems that propose to replace more traditional defense mechanisms), the study finds that almost everyone working in IT today is leery of the growing malware threat and of their organizations' abilities to defend themselves.

According to the report, which was based on interviews with some 225 individuals, 80 percent of the workers believe that malware attacks will continue to proliferate, while 74 percent admitted that they are concerned that traditional "blacklist" IT defenses will fall short.

In fact, some 90 percent of those interviewed said that they harbor concerns about their existing anti-malware protections, specifically around emerging zero-day attacks, which often circumvent older controls that have not previously observed the new threats.

Some 66 percent of those surveyed said that they question their organizations' abilities to stop zero days, which often prey on newly discovered vulnerabilities, while 50 percent remain unconvinced of the efficacy of malware scanning technologies in general.

Overall, 53 percent said that their organizations rely on traditional reactive defenses because there are no better alternatives available, while 52 percent said they have considered ditching the older security systems altogether.

At the same time, roughly 40 percent indicated that they are unfamiliar with any alternatives to their existing security mechanisms, and only 9 percent have already shifted to whitelisting.

Whitelisting, which allows only approved applications and Web sites to be used, is pitched as a more proactive solution for organizations seeking to block out all the unwanted and infected applications and URLs available to end users today, and is considered by some to be a replacement for more traditional AV.

However, while signature-based AV systems have historically needed to recognize attacks to stop them, the use of newer techniques such as generic signatures and behavior monitoring has improved the systems' abilities to stem some attacks, and stop some zero days.

There are also fears that whitelisting tools will handcuff users by preventing them from using applications or sites that they find necessary to get their jobs done, and force IT security to handle a constant stream of requests to allow new systems in the workplace.

The survey found that 66 percent of those interviewed would only embrace the alternative approach if users can play some hand in deciding which applications and Web sites they are allowed to utilize.

Some analysts believe that the proactive and reactive security solutions will eventually work in cooperation, especially as legitimate sites and applications continue to face a daily assault from attackers seeking to sneak malware past the many different types of security controls.

Vendors like CoreTrace are attempting to broaden their opportunity to fill the gaps left by blacklisting by making their whitelisting systems more intuitive and capable of allowing flexibility to users, and less hands-on for IT staff.


Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog.
