Anti-virus software is not good enough to protect organisations
from cybercriminals.
Common anti-virus products are detecting only between 75% and
95% of malware, Felix Freiling, professor at the University of
Mannheim told the ISSE 2009 security conference in The Hague.
AV producers should be co-operating more openly with academic
researchers about what they are doing to tackle increasingly
sophisticated forms of malware, he said.
The second basic problem is the poor quality of software code
that is still full of security vulnerabilities.
This is not only operating systems, but also applications that
load and process data, said Freiling.
The third basic problem is that end users do not take security
seriously. They can't be bothered to use IT systems in a secure
manner, he said.
These areas need to be improved, as malware is getting
increasingly powerful and at the same time much harder to detect,
said Freiling.
Cybercriminals are hiding malware using encryption and
other techniques and tapping into the power of networks of millions
of hijacked computers to carry out attacks, he said.
Rolf Strehle, chief information security officer at German
manufacturing firm Voith, said he had tackled the problem by
developing a network anomaly detection tool in-house.
Since introducing the system over four years ago, Strehle said
his security team had been able to identify and block a large
number of threats that bypassed commercial products.
"In this way we have also been able to detect malware attacks
specifically targeted at Voith's research department," he said.
The system uses multiple sensors that scan for anomalies that
are checked manually by a team of 12 system monitors.
"There is no product on the market that could provide us this
level of protection," Strehle said.