Survey: Three out of four administrators don't trust anti-virus software
In a recent study, a total of 226 administrators, CIOs and security specialists were asked what they thought of signature and blacklist-based solutions. Three out of four administrators consider signature-based enterprise anti-virus protection unreliable. For zero-day attacks in particular, two thirds of the administrators surveyed did not believe that standard anti-virus products helped to prevent attacks.
The study was commissioned by CoreTrace, which produces security software that uses whitelists to decide whether applications may be executed. Users are able to run only previously defined programs, so it is not possible to run executable email attachments or infected programs from USB memory sticks. Vista implements a similar protection mechanism, which it calls Software Restriction Policies (SRP), but the administration function, via the Microsoft Management Console (MMC), is somewhat rudimentary. Microsoft has made SRP more finely tunable in Windows 7, but administration still requires the use of MMC.
Nevertheless, 89 per cent of those questioned in the CoreTrace study still use a standard anti-virus product, with half of the respondents citing the fact that it's "better than nothing" as their rationale for doing so. The other half felt compelled to use an anti-virus product due to compliance and company guidelines. Around 40 per cent had thought about getting rid of their anti-virus protection, one reason being that it reduces system performance.
According to the survey, 40 per cent of users were not aware of alternatives to blacklisting and signature-based approaches. 43 per cent considered the absence of system scans when using a whitelisting approach to be a positive factor. However, 66 per cent had concerns about adding new applications for users, wanting the process to be as quick and simple as possible.
Traditional anti-virus software vendors are also working on adding whitelist-based solutions to their existing products. The daily flood of variants of a large number of viruses is making production and distribution of signatures ever more impractical. As an initial remedy, many vendors have implemented cloud-based solutions that check file hashes to see whether a file has already been recognised as malicious on another system.