Anti-virus Makers Pushing Automation

Anti-virus vendors are readying technologies that will speed updating and propagation processes in an effort to outpace the wave of infections during virus outbreaks.

Anti-virus vendors are readying technologies that will speed updating and propagation processes in an effort to outpace the wave of infections during virus outbreaks.

Sophos plc. and McAfee Security, a division of Network Associates Inc., are taking different approaches to the problem of signature propagation but have one similarity: hands-off automation for network operators.

Sophos this quarter will update its MailMonitor gateway anti-virus product to include advanced threat-reduction capabilities that will help administrators mitigate outbreaks of new viruses before a full updated signature file is available. When a new e-mail virus hits the Internet, Sophos research team will quickly analyze several aspects of the message, including the subject line, the attachment type and the message body.

The team will write a small update for MailMonitor that could, for example, instruct the machine to block messages with a certain text string or subject line and then push the update to customer machines. The idea is to get something out to customers during high-threat outbreaks, such as Nimda or ILoveYou, before the full anti-virus signature is ready.

With the cost of the Nimda cleanup estimated at $2 billion, vendors are searching for a way to get updates out more efficiently. "Minutes matter in terms of getting updates to customers," said Richard Jacobs, technical director of Sophos, in Abingdon, England.

Currently, customers must write their own filters or wait for the full anti-virus updates, which often arent available for several hours—and sometimes for a day—giving the virus plenty of opportunity to spread.

In addition, Sophos next week will release the final beta of another product, Enterprise Manager, which will enable IT managers to schedule times for Sophos to push automatic virus updates to their servers, which will then deliver signatures to clients. The service will be based on a subscription model, and customers can sign up to receive automated downloads of new versions.

Vendors such as Sophos are stressing the potential reduction in administrative effort that such a service offers, but some network managers remain wary of turning over control.

"We dont want pushed automatic desktop updates because we dont trust the vendors to get it right," said Paul Schmehl, supervisor of support services at the University of Texas at Dallas. "Theres no way were going to roll out untested updates to our production environment and risk having multiple machine failures."

For its part, McAfee is working on improvements to its ASaP peer-to-peer, signature-delivery technology, due next month. The update will include streamlined propagation that will deliver signatures to client machines quickly and efficiently.

The ASaP service works by delivering anti-virus updates to a small number of machines in an organization. Those machines, in turn, share the updates with other client PCs.

The update will also include protection for mobile and remote users, who often are responsible for the initial infections of corporate networks during virus outbreaks. Although most of McAfees competitors have shunned the P2P model, McAfee executives said the technology is crucial to hemming in fast-moving viruses.

"During an outbreak, you want to be able to push updates and not have to wait for the next scheduled update," said Michael Callahan, senior director at McAfee, based in Santa Clara, Calif.

Related stories:

  • Anti-DDoS Tool Keeps Networks Running
  • Living with Worms, Viruses and Daily Security
  • New Security Strategy: Preventive Medicine
  • Cyber-security Czar Gives IT a Wake-Up Call
  • Viruses to Continue Their Assault on Net
  • Top 10 Viruses of 2001