McAfee preps 'worm-killer' VirusScan

McAfee next week will unveil VirusScan Enterprise 7.0, its first major update to VirusScan in years, that introduces newly...

McAfee  will unveil VirusScan Enterprise 7.0 next week, its first major update to VirusScan in years that introduces newly combined desktop and file server protection as well as clear lessons learned from the massively destructive Slammer and Code Red viruses.

McAfee VirusScan Enterprise 7.0 features an on-demand memory-scanning ability called "worm killer," which scans for potential viruses, worms and Trojans, and processes actively running in memory.

Powered by a scheduled auto-update mechanism to update DAT files, the revamped security product can offer alerts or actively extract the process without system disruption, said Tim Smithson, solution marketing manager for McAfee Security, a division of Network Associates.

Smithson described the recent fast-spreading Slammer virus as a "watershed event" that is altering the methods that anti-virus (AV) supliers implement to sniff out and eliminate lurking malicious code.

"AV vendors in general have switched onto the idea Slammer used this process … it didn’t do anything except go through memory," said Smithson. "Symantec and [McAfee] have produced standalone utilities to go out and clean up Slammer but that's not a long-term solution for customers. They need to have a product that can handle this from the get-go."

By exploiting vulnerabilities within Microsoft SQL Server that countless administrators never bothered to correct through available patches, the Slammer virus ripped through the internet on 25 January. The virus clogged the web and other servers with a tidal wave of information by assuming control of the host computer to designate its mass-flooding of bogus file packets.

McAfee has recognised the heavy emphasis on consolidation occurring throughout the security market, Smithson noted. The AV supplier has responded with mutual managed file server and desktop support within the latest version of VirusScan Enterprise.

The product addresses end-users' need to bolster performance and mobility.  A new risk-based scanning component allows customers to prioritise applications and processes to maximise resources. For instance, high-priority operations such as e-mail, web browsers, and applications could be flagged as high risk and subject to rigorous virus-scanning, while software backup may not be as critical to secure at optimum levels.

 For the mobile or bandwidth-challenged user, VirusScan Enterprise offers a resume-based AutoUpdate feature that allows incremental updates of existing virus definitions from the exact point of an interrupted download, as well as updates connection capability from both master and remote servers.

Despite the aggressive push by AV suppliers to enable zero-minute elapse-time response and remediation to detect and wipe away viruses before havoc is wreaked, the security industry must overcome the challenge of understanding how complex systems operate before incurring changes, said Pete Lindstrom, a security analyst at consulting firm Spire Group.

"I think the more automatic the better [for AV solutions], with the caveat being it can’t create more problems than it solves," said Lindstrom. "It's got to work, and that's always been a challenge on desktops where you have different flavors for different people. All sorts of folks downloading stuff off the Internet, different applications running that are deployed in bits and pieces in the enterprise -- so you have to be able to account for all little nuances to ensure you’re not messing up an application."

McAfee VirusScanEnteprise 7.0 will be available next week. Pricing for the product was not available.

Read more on Antivirus, firewall and IDS products