Most successful attacks on client desktops occur when end-users are duped
into launching Trojan horse executables, a fact I've raised time and again in
the past couple of years. Users might think they're installing an Outlook
security patch, a recommended anti-virus program, or a codec needed to watch
Britney slink out of a cab, but they end up unleashing malware that can wreak
havoc not only on their systems, but on your entire corporate network.
Unfortunately, no matter how up to date your organization's anti-virus software
is, there is no 100 percent effective way to stop this type of attack once a
user opens the infected file. Such attacks work regardless of whether you're
using Windows -- the most targeted platform -- or OS X, Linux, or BSD.
For years now, anti-malware companies have tried everything to combat malware,
but without great success. Part of the problem is that anti-malware software is
struggling as never before to detect the tens of thousands of new variants being
generated daily by criminals and hosted on legitimate (or legitimate-looking)
Web sites. The body of evidence shows that the best detection rates are between
40 and 70 percent -- and most products are not on the high end. (Here's a good
report on the subject.)
Compounding the problem are the inherent shortcomings of today's anti-malware
software: Installation and execution warnings tend to be non-existent, overly
generic, or excessively enthusiastic, eventually teaching users to ignore them
with a click.
It's time for the anti-malware industry to completely reinvent how we detect
malware and put the intelligence of the professional anti-malware engineer into
the hands of every end-user. Security software developers need to take the best
of all the various technologies (signature detection, heuristics/behavior
detection, whitelisting, blacklisting, code signing, community groups, and so
on) and make them work in concert to give end-users the best chance of escaping
infection.
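As an added illustration of what "working in concert" can look like (example code written for this page, not from the column's author or any product), the following Python sketch layers the techniques listed above. Hash whitelists and blacklists and byte signatures are high-confidence evidence and decide on their own; code-signing status and sandbox-observed behaviour are softer signals, so they are weighted into a single score, and every verdict carries the specific reasons behind it rather than a generic "this file may be unsafe" prompt. All reference data (hashes, the `LOADER_PAYLOAD_v2` signature, the publisher `Contoso Ltd.`, the behaviour labels and weights) is constructed for the example.

```python
"""Layered malware verdict: whitelist, blacklist, signature, code signing and
behaviour heuristics combined into one decision with a specific explanation.
Example code for this page; all reference data below is constructed."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


@dataclass
class Sample:
    """A file the user is about to launch, plus what we know about it.

    signer:    publisher name from the file's code signature, None if unsigned
    behaviors: actions observed in a sandbox run (hypothetical labels)
    """
    name: str
    content: bytes
    signer: str | None = None
    behaviors: set[str] = field(default_factory=set)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- Constructed reference data, standing in for vendor/community feeds ---
# Whitelist: hashes of binaries the organisation has vetted.
KNOWN_GOOD = {sha256_hex(b"MZ\x90\x00 vetted-codec-1.2")}
# Blacklist: hashes of binaries already known to be malicious.
KNOWN_BAD = {sha256_hex(b"MZ\x90\x00 fake-outlook-patch")}
# Signature detection: byte patterns lifted from known malware families.
SIGNATURES = {"DropperFamilyA": b"LOADER_PAYLOAD_v2"}
# Code signing: publishers whose certificates the organisation trusts.
TRUSTED_SIGNERS = {"Contoso Ltd."}
# Behaviour heuristics: weight per suspicious action seen in a sandbox run.
RISK_WEIGHTS = {
    "disables_av": 3,
    "injects_into_process": 3,
    "writes_run_key": 2,
    "drops_executable": 1,
    "beacons_outbound": 1,
}
WARN_AT, BLOCK_AT = 2, 4


def _verdict(sample: Sample, level: str, reasons: list[str], score=None) -> dict:
    message = f"{sample.name}: {level.upper()} - " + "; ".join(reasons)
    return {"file": sample.name, "verdict": level, "score": score,
            "reasons": reasons, "message": message}


def assess(sample: Sample) -> dict:
    """Run the layers in order of confidence and return a verdict with reasons.

    Exact-match evidence (hash lists, signatures) decides on its own. Softer
    signals (code signing, behaviour) are combined into one score so that no
    single heuristic fires a vague warning the user will learn to click past.
    """
    digest = sha256_hex(sample.content)
    if digest in KNOWN_BAD:  # blacklist trumps everything, including a valid signature
        return _verdict(sample, "block",
                        [f"SHA-256 {digest[:12]}... is on the known-malware list"])
    if digest in KNOWN_GOOD:  # vetted binary: no need to run heuristics
        return _verdict(sample, "allow",
                        [f"SHA-256 {digest[:12]}... is on the vetted-software list"])
    for family, pattern in SIGNATURES.items():
        if pattern in sample.content:
            return _verdict(sample, "block", [f"contains the {family} signature"])

    reasons: list[str] = []
    score = 0
    for action in sorted(sample.behaviors):
        weight = RISK_WEIGHTS.get(action, 0)
        if weight:
            score += weight
            reasons.append(f"{action} (+{weight})")
    # A trusted signature is a discount, not an override: enough bad behaviour
    # still blocks a signed file (stolen or abused certificates exist).
    if sample.signer in TRUSTED_SIGNERS:
        score -= 2
        reasons.append(f"signed by trusted publisher {sample.signer} (-2)")
    elif sample.signer is None:
        score += 1
        reasons.append("unsigned (+1)")
    else:
        reasons.append(f"signed by unknown publisher {sample.signer} (+0)")

    level = "block" if score >= BLOCK_AT else "warn" if score >= WARN_AT else "allow"
    return _verdict(sample, level, reasons, score)


if __name__ == "__main__":
    # Constructed samples: a vetted codec, a "patch" on the blacklist, and an
    # unsigned "anti-virus program" that disables the real one.
    for s in (
        Sample("codec.exe", b"MZ\x90\x00 vetted-codec-1.2"),
        Sample("outlook_patch.exe", b"MZ\x90\x00 fake-outlook-patch", signer="Contoso Ltd."),
        Sample("free_av.exe", b"MZ\x90\x00 x", behaviors={"disables_av", "writes_run_key"}),
    ):
        print(assess(s)["message"])
```

The point of the structure is the ordering: cheap, certain checks (hash lists, signatures) run first and end the evaluation, while the uncertain layers only combine into a warning when their summed evidence crosses a threshold, and the resulting message names the specific behaviours and signing state so the user sees why, not just that, the file is suspect.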