Anti-virus is alive and kicking


So how will vendors seek to protect enterprise customers from malware during 2009? For a start, they're looking at the ways in which it is delivered. "The old method of spreading malicious code via emails will nearly disappear in 2009," predicts Magnus Kalkuhl, member of the global research and analysis team at software company Kaspersky Lab.

"Today, threats are mainly spread via links, and when the user clicks on them, malware will be downloaded," explains Kalkuhl. "The malicious program can then start its nasty tricks, whether that's logging keystrokes, stealing an ID, or downloading more malware. As these links may be routed over a number of servers, the user gets redirected from one machine to another. These ‘virtual relays’ require additional efforts by anti-virus vendors to identify new malware, so such methods are certain to be used more frequently in the coming year."

Botnets emerging in Russia, Brazil and China; social networking-based malware; and attacks focusing on mobile smartphones - all will be major concerns in 2009, according to MessageLabs' 2008 Annual Security Report.

Luckily, the most recent releases of popular anti-virus products are catching more malware than previous versions and without the major performance hits that were common to their processor-intensive predecessors, according to independent testing lab, AV-Test. Last year, it analysed the latest versions of 33 anti-malware products, measuring how well they did in detecting known malware and spyware, as well as unknown malware.

Symantec's Norton 2009 beta came out with the best ratings in the lab tests, catching over 98 per cent of malware, over 95 per cent of spyware, and with no false positives. The software found new malware over 95 per cent of the time.

In general, says Andreas Marx, CEO of AV-Test, "the 2009 [products] seem to be a lot better optimised for the real needs of the customers, and they will not slow down the systems in such a dramatic way, as the 2008 editions did." In addition, he notes, many of the 2009 products can or will eventually use ‘cloud’-type services for more comprehensive scans, contributing to better detection rates.

But despite improvements in the effectiveness of anti-virus software, there is no room for complacency, warns Stuart Okin, UK managing director of IT security specialists Comsec Consulting. "Of particular concern to the security heads at major organisations that I've been talking to recently is the threat of ‘spear phishing’ or ‘whaling’, where a small handful of the most influential executives within a company become the focus of an attack," he says.

In these attacks, sophisticated social engineering techniques are used in the form of emails that often purport to originate from a government agency and are so convincing that the recipient is persuaded to open an attachment or follow a link.

At that point, malware may be unwittingly released onto their organisation's systems. "This approach works, because the spam is individually targeted, often appears genuine and urgent, and recipients feel obliged to take action on it," explains Okin.

Anti-virus software will play an important part in protecting organisations from the malware introduced during such attacks - but only in conjunction with a host of other threat-management solutions, Okin says. "Anti-virus is still an important part of a layered approach to IT security - but it is only a part of such an approach. You need to keep an eye on everything that your anti-virus systems aren't able to detect - and that can encompass a huge range of nasties."

Copyright © SC Magazine, US edition