Anti-virus is alive and kicking

Rumours of anti-virus software's death are exaggerated. It still packs a punch, as Jessica Twentyman explains.

In recent years, a growing chorus of industry analysts has boldly predicted the imminent death of traditional anti-virus technologies. Their argument is that by relying on signature-checking to detect and eradicate pernicious code, the anti-virus suppliers can't keep up with the flood of viruses, Trojans, bots, zombies, spyware, spam and blended malware constantly released onto computer networks by the criminal underworld.

By design, the analysts argue, this kind of technology can only respond to threats it has seen before, and even packages that use more sophisticated approaches, such as advanced heuristics, can't stop all of the fresh threats they encounter.

But despite the rumours of its death, anti-virus software continues to enjoy a privileged position in corporate security budgets. Simply put, most information security professionals are not prepared to take the risk of going without it.

For that reason, IT market research firm IDC estimates that the worldwide enterprise anti-virus market, which amounted to some US$3.1 billion in 2007, will grow to US$4.5 billion by 2010.

And, despite some shortcomings, the reason for continued investment in anti-virus is clear. The volume, severity and sophistication of attacks have never been greater, and a technology effective at tackling known threats is still highly valued - it frees up time and resources to manage previously unseen threats.

In short, while most information security professionals agree that anti-virus software is (by and large) a commodity item, they remain convinced that it's still a valuable and necessary one.

Leading anti-virus vendors are working to incorporate the latest technologies, such as intrusion protection systems (IPS), into their products. The anti-virus products of the future, they argue, will be less reliant on signature-based eradication and more capable of blocking malware where signatures don't exist.

This trend requires a fresh definition of the anti-virus market, says John Oltsik, an analyst with IT researchers Enterprise Strategy Group (ESG). "Some analysts declare that anti-virus software is dead. I disagree and submit that endpoint security is evolving as a function of the changing threat landscape," he says. A good example, Oltsik adds, was the acquisition of data security company Utimaco by Sophos in August 2008.

Oltsik's advice to information security professionals? "In 2009, look for traditional anti-virus, anti-spyware and firewall software to merge with endpoint operations, data loss prevention and full-disk encryption."

Other analysts agree. In 2007, Gartner replaced its ‘market quadrant' for anti-virus suppliers with one focusing on ‘endpoint protection suppliers'. The results, however, remain much the same, with McAfee, Symantec, Trend Micro and Sophos leading the field.

In general, a more accurate definition of today's anti-virus (or anti-malware) market includes products that protect file servers, email gateways, web browsers and desktops. They may be standalone products or part of an integrated security suite that includes a firewall, intrusion detection system, network access control and spam filtering. Also gaining in popularity are security appliances, as well as hosted and managed security services that outsource the management details of an organisation's security strategy.

At a minimum, an enterprise anti-virus solution needs to be compatible with the customer's enterprise operating systems and be able to scale. It should provide frequent automatic signature updates and alert generation when an event is detected and quarantine or removal functionality, and perhaps healing capabilities for suspicious content.