Although many Middle East companies are now using anti-virus products, virus infections are on the rise
Dubai, UAE, 09 November 2006 - GFI, a leading provider of network security, content security and messaging software, has issued a stark warning to businesses in the Middle East about the dangers of deploying a single anti-virus engine.
GFI's recently released white paper, "Why one virus engine is not enough", reveals that organizations relying on the protection of a single anti-virus engine are actually leaving themselves exposed to a severe and constant threat from all forms of malware. According to the 2006 FBI Crime and Security Survey, 97% of organizations have anti-virus software installed, yet 65% have been affected by a virus attack at least once during the previous 12 months. Network World cited studies that placed the cost of fighting Blaster, SoBig.F, Sober and other email viruses at $3.5 billion for US companies alone. A 2006 study by the British government found that 43% of companies in the United Kingdom were infected by viruses during 2005. While no studies have been published within the MENA region, GCC and Middle East companies are disrupted on a regular basis by a range of computer virus attacks despite the widespread application of anti-virus software.
"In spite of the fact that we install the latest anti-virus software on all the systems we maintain throughout the UAE we are constantly being called in to clean network servers and PC units that have been infected by new viruses, malware, spyware and spam," said IT contractor Rajeef Mustafa of Nourtec IT. "Many of these viruses attack root files and are hugely damaging. For most end-users, the Internet and email have become indispensable tools but internet and email use unavoidably renders systems vulnerable to the endless stream of viruses launched on a daily basis. There is no 'one-size-fits-all' solution to combat viruses."
PC SecurityShield estimates that over 40 new viruses are found every day. In June 2006, Microsoft reported that one out of every 300 PCs was infected with malware. It is also important to remember that today's environment of constantly evolving malware is the product of a legion of independent malware designers, each with an individualistic approach and attack strategy.
The white paper outlines the fact that even though every anti-virus vendor in the market claims to have a fast response time, there is no single company that will consistently be the first and fastest to respond to a virus outbreak. Depending on a single anti-virus engine does not guarantee the quickest reaction to outbreaks every time, leaving productivity and business operations vulnerable to attack.
According to the white paper, every virus lab and scan engine is different. When it comes to protection there is no single best engine; each has its own strengths and weaknesses. Anti-virus products often use a mix of technologies to detect and defeat viruses. The three most common approaches are:
Signature files, which are prepared and released by anti-virus labs on a regular basis, contain details that help identify a virus. Signature files are the usual way anti-virus engines are updated.
Heuristics are used to detect viruses and other threats that have not yet had signature files developed for them. Essentially they look at different characteristics of a file, assess the characteristics and flag those that appear to be viruses. This method can also detect and catch metamorphic viruses (viruses that can mutate) which are notoriously resistant to signature files.
Sandboxing isolates and executes suspicious code in a virtual machine isolated from the rest of the IT infrastructure to determine if it's malicious or not.
Individually, each of these technologies can be very effective, but none are 100% successful. While some anti-virus products combine two or more of these technologies, there is no single best solution. The only effective way to assure the highest level of safety and security is a multi-layered, in-depth defence, which can be achieved by using multiple anti-virus engines.
"While no organisation would rely on a single security guard or alarm system to protect its most valuable physical assets from different threats such as theft, vandalism, fire and natural disaster, many still expect their data to be protected by a single anti-virus engine," said Mohammed Rizwan Shaikh, IT Security and QA Manager, IT Center, Dubai World. "This is a dangerous approach to take. The only practical way to guarantee the protection of your organization's data - its most valuable asset of all - is by using multiple anti-virus engines. Using multiple anti-virus engines allows you to pool all the strengths of each different vendor, without being exposed by their weaknesses, ensuring you always get the quickest signature update."
"Having multiple virus engines ensures that there are different reaction times from different teams to address the problem," said David Vella, Product Manager, GFI MailSecurity. "Our customers will always be protected by the anti-virus vendor team which delivers the signature files first in case of such virus outbreaks. Speedy reaction is the key in identifying a virus, producing the virus signature and releasing it to the customer."
Andreas Marx, anti-virus expert with AV-test.org, agrees that a multiple anti-virus engine approach is the most comprehensive way for organizations to detect and combat virus attacks. "Studies prove that the best way to prevent virus introduction is with several layers of protection, which include multiple anti-virus scanners. Different anti-virus companies are using different ways to detect unknown malware proactively, for example, using heuristics or Sandboxing. When one company can detect 30% and another one can detect 20% of all newly released malware files, the combined proactive detection score might be boosted to 50%," Marx said.
The "Why one virus engine is not enough" White Paper is available at http://www.gfi.com/whitepapers/why-one-virus-engine-is-not-enough.pdf
-Ends-
About GFI
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. Founded in 1992, GFI has offices in Malta, London, Raleigh, Hong Kong, Adelaide, Hamburg and Cyprus which support more than 160,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners throughout the world. GFI is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.