Earthweb
Images Research Events Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
 SUBJECTS:
 FEATURES:
Search EarthWeb Network

internet.commerce
Be a Commerce Partner
Cheap Plasma TVs
Online Education
Car Insurance Quotes
Web Hosting Services
Phone Systems
Marketing Products
Compare Prices
Memory
Corporate Gifts
Masters Online
PDA Phones & Cases
Racks
New Car Prices

IT Management : Columns : Executive Tech: How Long Must You Wait for an Anti-Virus Fix?

Symantec Data Management Solutions
Whitepaper: The Benefit of Continuous Data Protection
Data volume continues to grow at nearly 40% to 50% each year, making back up of mission critical data very difficult. For any organization looking to manage data growth, improve reliability, and speed data recovery, continuous data protection provides the avenue to address the challenges in a method that will improve overall data protection without weighing down IT with costly solutions.
Register Now to Download.
Whitepaper: Breaking Through the Dissimilar Hardware Restore Challenge
This paper discusses recovery to virtual computer environments, hardware migration strategies, hardware repurposing for optimal resource utilization, meeting recovery time objectives, and increasing disaster tolerance.
Register Now to Download.
Whitepaper: Converging System and Data Protection
From resilience against threats to efficient restoration of normal operations, Symantec can help keep your business up, running, and growing—no matter what happens.
Register Now to Download.
Webcast: Symantec Brings Disk-based Data Protection and Advanced System Recovery Together
Symantec Backup Exec™ and Symantec LiveState Recovery™ allow rapid and easy backup and recovery of virtually any Windows data and Windows system.
Join us for an informative Webcast to learn how to:
  • Create backups and restore to specific system recovery points
  • Maintain data availability and minimize server downtime
  • Eliminate backup windows, improving increased system reliability
  • Dramatically minimize downtime by rapidly recovering entire systems to dissimilar hardware platforms or even to virtual environments
Register Now to Watch.

Related Articles
Fix Windows Without Patching
What's Protecting Your Open-Access PCs?
Is the Tide Turning in Battle Against Hackers?
Sobig's Birthday -- Tracking Most Damaging Virus Ever
Understanding and Preventing DDoS Attacks
- ITSMWatch Newsletter -
email:
IT Focus
Wireless in the Enterprise

Wireless technology continues to make great inroads into networks. But IT pros still must contend with a number of issues such as security, access and integration.

Ready? Set. Go!

Mobile Workers Never Looked So Thin

The Incredible Hidden Wireless Connection

Product Watch
DataPort HotDock - External Drive Enclosure Enables IDE Hot Swap
GateDefender Performa - Gateway-Based E-Mail Anti-Spam and HTTP Content Filtering
PalmSecure - Biometric Identification via Palm Veins
VirusCop - Report Virus Spam, Erroneous E-mail Bounces, Other Spam
REV - Removable Hard Drive Platform for Storage and Backup

more products >>

Datamation Definitions
data mining
ERP
extranet
grid computing
intranet
network appliance
outsourcing
storage
VPN
virus
FREE Tech Newsletters

Webcast: Introduction to ASP.NET 2.0 Using C#. Join Fritz Onion for a comprehensive tour of Web forms, declarative data binding, validation, rich controls, and more.

How Long Must You Wait for an Anti-Virus Fix?
February 23, 2004
By Brian Livingston

Brian Livingston Imagine that your office building was on fire, and you called the fire department, only to be told, "Please wait there while we invent a new method to fight the kind of fire you have."

You'd be furious! You'd expect the firefighters to rush to your building immediately, ready to fight whatever kind of fire they found.

Unfortunately, anti-virus services are forced into a scenario that no firefighter would accept: "We have to invent new defenses every day." Anti-virus software can predict and prevent some never-before-seen viruses. But all too often, a new virus can spread unchecked while software vendors develop and distribute a new "signature" file that can match the virus and kill it.

The Time Lag Between Discovery and Disinfection

Just how long is the period between a new virus getting "into the wild" and an effective antidote getting into your company's anti-virus arsenal?

To answer that question, I turned to AV-Test.org, a group of researchers which has studied anti-virus technology for years.

AV-Test is not as well-known in the United States as it should be, possibly because the group is located in Germany at the Otto von Guericke University Magdeburg. Many of the organization's articles have been published in German computer magazines that have no English editions — but I hope that'll change.

I interviewed by telephone Andreas Marx, manager of AV-Test, to get his view of anti-virus response times. He provided me with test results showing how long it took 23 major anti-virus programs worldwide to come up with new signature files during the past several weeks.

"I hope this will decrease the time it takes updates to get released," Marx told me, explaining why he feels sharing the information is important.

Finding — and Fighting — New Virus Threats

The new signature files involved in this horse race were developed to fight four novel viruses that weren't being caught by the preventive or "heuristic" techniques of most anti-virus programs. These four new viruses are known as Dumaru.Y, MyDoom.A, Bagle.A and Bagle.B.

AV-Test uses special scripts to check the servers at anti-virus companies every five minutes, looking for new signature files. It then calculates the time between each virus being first spotted somewhere in the world by the MessageLabs consulting group and the time when each anti-virus service has a working fix available to the public (not counting beta versions available only to testers).

According to the organization's data, these are the average lag times, in hours and minutes, for each program during the test period:

   H:M     Anti-Virus Program
  06:51   Kaspersky
  08:21   Bitdefender
  08:45   Virusbuster
  09:08   F-Secure
  09:16   F-Prot
  09:16   RAV
  09:24   AntiVir
  10:31   Quickheal
  10:52   InoculateIT-CA
  11:30   Ikarus
  12:00   AVG
  12:17   Avast
  12:22   Sophos
  12:31   Dr. Web
  13:06   Trend Micro
  13:10   Norman
  13:59   Command
  14:04   Panda
  17:16   Esafe
  24:12   A2
  26:11   McAfee
  27:10   Symantec
  29:45   InoculateIT-VET

The averages vary from about 7 hours per virus to more than one full day (almost 30 hours).

It's important to note two things about the figures in the table above:

• Some of the programs were able to detect some of the viruses in the testing period heuristically — without needing an update. Ikarus, Quickheal, and Virusbuster were able to do this with the Dumaru.Y virus, whereas Norman and RAV were able to do it with Bagle.B. In those cases, the anti-virus program was assigned a response time of zero for that one virus. This reduced those vendors' average response times.

• On the other hand, A2 had not posted a signature for the Bagle.B virus within three days, when the test period ended. This program, therefore, was assigned a response time of 35 hours in this instance. If this virus had not been considered in the statistics, A2's average response time would have been reduced to 15:26 rather than 24:12.

Distributing the Fix Is As Important As Developing It

Aside from the immediate problem of developing signature files that can detect new viruses, there's another element to a good anti-virus service. The new signatures must be distributed to corporate and individual customers across the Internet, using the infrastructure the provider has built.

In a PDF white paper released in February and entitled "Outbreak Response Times," AV-Test shows that the frequency with which anti-virus companies update their software online varies widely. Although new signatures are sometimes posted very quickly in special cases, many major anti-virus services schedule regular online updates only once or twice a week, AV-Test says. Other providers, such as F-Secure, schedule updates seven times a week, while Kaspersky Labs schedules them 20 times a week, according to AV-Test's figures.

Updating Anti-Virus Signatures Around the Clock

Actually, says Antony Holdsworth, technical consultant for Kaspersky Labs' United Kingdom office, his company recently started posting a new signature file on its servers every three hours.

"We're seeing about 300 new viruses a week," Holdsworth explains. "There are always new anti-virus signatures to post," even with updates scheduled eight times a day, he adds.

Kaspersky schedules new signature files the most often — and earned the fastest average response times in AV-Test's real-time trials, shown above — because the company has a large number of people around the world analyzing viruses and developing cures, Holdsworth says.

Conclusion

Your company may not feel it has a virus problem. Some corporations think they can prevent viruses by stripping all attachments out of incoming e-mail. "But people use workarounds like Hotmail to get attachments," AV-Test's Marx says.

If you do find yourself coping with new viruses all too often, the response time of your anti-virus service may be a factor you'll want to take a good, hard look at.

Want to discuss the issues raised in this column? Take it over to our IT Management Forum.

Brian Livingston is the editor of WindowsSecrets.com and the coauthor of "Windows Me Secrets" and nine other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.


Executive Tech Archives


JupiterWeb networks:

Graphics.com

Search JupiterWeb:

Jupitermedia Corporation has three divisions:
JupiterResearch


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | E-mail Offers