Antivirus, e-mail vendors up ante in malware fight

Technology to fight spyware, remotely controlled bots and other threats will dominate news from the RSA Conference in San Francisco this week, as antivirus and e-mail security companies offer new products and features to protect companies and Internet users from sophisticated, malicious code.

Antivirus software companies Symantec Corp., McAfee Inc. and Sophos PLC all plan to announce new technology to fight viruses, spam, spyware and other blights. Those security software mainstays will be joined by a host of other companies that are introducing new services or expanding the security features of their products to address the rapid growth in the number of online threats.

Spyware tops the list of nasties in the crosshairs of companies setting up shop at the annual computer security show, which organizers say will be the largest ever.

Symantec plans to announce new features to fight spyware in a number of enterprise antivirus and intrusion prevention products. Symantec Antivirus corporate edition Version 10 and Symantec Client Security 3.0 will be available in March and have features that can spot and remove spyware, adware and other threats, Symantec said.

While Symantec software already spots many forms of spyware, new features have improved the ability of the company’s products to detect spyware and Trojan activity in real time, and to remove spyware installations once they are identified, according to Brian Foster, senior director of product management for client and host security at Symantec.

The company also improved its spyware definitions to include instructions for cleaning up after the spyware, Foster said.

Also, Symantec’s Network Security 7100 Series Intrusion Prevention appliances will be able to block communications from spyware and remote control Trojan horse programs, or bots.

The new features on the 7100 series allow organizations to protect networks against spyware and Trojan horse programs by spotting and isolating communications from compromised machines, Symantec said.

McAfee is also announcing changes designed to combat spyware. The company will begin releasing virus definition files, or DATs, each day, starting Feb. 24. The daily virus definition updates are designed to stay on top of threats such as backdoor Trojans and compromised systems, McAfee said. Other companies also plan to make antispyware announcements later in the week.

Spyware was a nuisance just a few years ago, but has quickly morphed into a real security risk for companies, said Charles Kolodgy, an analyst at IDC.

“Spyware used to be just ‘adware,’ where you had pop-up (advertisements) and cookies that would report back your surfing behavior, and the security (companies) didn’t look at that. But as more malicious activity started to occur, the security (companies) started responding,” he said.

It is more difficult to assess the exact cost of spyware infections than it is the cost of virus and worm infections. However, companies are beginning to see the effects of the spyware epidemic in increased customer and user support costs, as removing spyware eats up support time, said Phoebe Waterfield, an analyst at The Yankee Group.

Antivirus vendor Sophos is also updating its products, adding new features to its gateway and end-point antivirus products that spot viruses, spam and other malicious code without a definition file, said Chris Kraft, vice president of product management at Sophos.

Sophos is introducing a technology called “genotype scanning” that detects and blocks code based on behaviors, such as system calls and patterns of communications. The proactive detection features are being introduced into the Sophos Pure Message Gateway and Sophos Antivirus products, said Kraft.

Sophos is also announcing a feature called “decision caching” that improves its products’ scanning and allows faster updates, the company said.

And leading e-mail server company Sendmail Inc. is making virus fighting a priority. On Monday, the company plans to announce enhanced antivirus and antispam features in a new version of Mailstream Content Manager, the enterprise e-mail processing platform.

Mailstream Content Manager 2.0 will support Frisk Software International’s F-Prot Antivirus engine in addition to McAfee’s Olympus Antivirus and Cloudmark Inc.’s Authority Antispam engines. Added support of the F-Prot engine will give Sendmail customers more choices about which antivirus engine to deploy, according to a company statement.

Leading vendors are responding to market demands for security products that integrate more features like antivirus or antispyware scanning into existing products, IDC’s Kolodgy said. The addition of antispyware or proactive detection features is a natural step as vendors try to keep up with rapidly evolving threats and offer more complete threat detection, he said.

With online threats proliferating, Web portals are gaining favor among security vendors. Security information portals like Symantec’s have long been popular among computer security enthusiasts and network security professionals, as have sites such as The SANS Institute’s Internet Storm Center. More topical Web sites, such as the Anti-Phishing Working Group’s Web page or IronPort Systems Inc.’s e-mail traffic monitoring site, are also widely used.

Now McAfee is adding MyAVERT, a new educational portal that will be unveiled at RSA on Monday and provide security information, alerts and reports from the company’s Anti-Virus Emergency Response Team to consumers.

Visitors will be able to create their own customized security portals with six different kinds of threat and research reports. Users will be able to compare data from different security databases, search for media coverage of threats and bone up on techniques for fighting or removing new threats, according to a statement from McAfee.

Finally, IronPort will use RSA to enhance the Senderbase e-mail traffic monitoring network. The new site uses information from 75,000 networks that submit information to Senderbase, and from analysts at IronPort’s 24×7 Threat Operations Center, according to Tom Gillis, senior vice president of worldwide marketing at IronPort. Visitors to the Threat Operations Center Report site can view reports on global e-mail volume trends and top e-mail senders, as well as receive real-time alerts about emerging online threats. IronPort claims to monitor 25 percent of the Internet’s e-mail traffic, through customers such as China Telecommunications Corp., Adelphia Communications Corp., Sprint Corp. and Verizon Communications Inc., he said.
