Don’t Trust Traditional Anti-Virus Software Says Anti-Virus Expert in New Videos

PRLog (Press Release) - Jun 22, 2010 -
As part of a recent security-awareness drive from internet security company Trend Micro, Senior Security Advisor Rik Ferguson has spoken out against too great a trust in security tools at the cost of unsafe practises in a pair of video interviews recorded recently.

Speaking to ZDNet(http://uk.trendmicro.com/uk/home/), Ferguson asserted that traditional Anti-Virus testing doesn’t offer consumers and business decision-makers a realistic representation of the modern threat environment. The most common way in which machines get infected is via the Internet, yet traditional tests are conducted in an isolated, ‘lab’ environment, disconnected from the Net.

This doesn’t just mean that the tests aren’t actually testing the software’s ability to resist threats along their most likely attack vector: it also doesn’t acknowledge the speed and versatility required in the real world.

In a second interview, published by CBROnline (http://www.businessreviewonline.com/zones/CBRInternetsecu...), Ferguson noted that a very human flaw provides the Achilles’ Heel in the security provisions of many business:

“When we talk about IT, we tend to be very good at the ‘T’, because it’s easy to operate tactically. Make a list of holes, then buy or install a program to tackle that. What we’re not so good at is the ‘I’. We don’t know what information we have; where it resides; who should be empowered to view, edit or move that information. That’s hard stuff.”

Trust in anti-virus software often shows a negligent attitude to the overall picture when it comes to security, Ferguson says. By concentrating on the perimeter, on what happens after a machine – or network – has been compromised, organisations risk not paying attention to the strategies and protocols that might prevent attacks happening in the first place.

Ferguson suggested that responsibility for information security needs to move away from being a problem for the IT department. Only when company executives come to view the integrity and privacy of information as not just their affair, but their responsibility, are conditions likely to improve, he added, noting that current legal provisions for punishing companies for allowing confidential data to be stolen need to be strengthened.

With the aim of generating ongoing discussion, a series of articles around current security issues, including a series of IT security polls, have also been recently published on The Register’s Security That Fits Online workshop (http://www.theregister.co.uk/security/security_that_fits/).

Trend is keen to hear from Web security bloggers writing about the issues highlighted above - for further information, please contact: rowan@contentandmotion.com.