ANTI-VIRUS SOFTWARE is fighting a losing battle against malware, and there's nothing that can be done to turn the tide, according to a security testing firm.
NSS Labs, an independent security product and certification test lab, looked at 10 anti-virus products on the market. It found that the effectiveness of the software was variable, to say the least, with some products more effective at protecting against malware on USB keys than in email, and vice versa.
"It tells us that the anti-virus engine is not applied uniformly across all the attack vectors," said Rick Moy, president of NSS Labs. "That's generally a flaw in the product architecture. There's not one product which gets malware the same across different vectors. Anti-virus is losing the battle. It's losing the war."
He added, "I know the bad guys are doing their own testing on anti-virus products. Every AV product can be circumvented. Hackers can get in easily, because you can download them for free for 30 days, and create your own test lab."
"You keep making the viruses and the malware, until one gets through. Once it gets through, you put it on the Internet. You can write software, until that gets automatic. The bad guys, in some cases, are doing better testing than the good guys."
'Secure' USB keys that are advertised by vendors to offer mobile protection were also shown to be pretty ineffective. Moy said that NSS Labs did work with banks on the products using the technology, and broke into everything that it tested.
"Some of that is private testing we haven't published yet. In some cases we're trying to work with the vendors. But secure USBs are not as secure as you think." µ
Watch this space
Hackers could erect man-in-the-middle attacks
Painted into a corner
What we'd call copying, Cupertino calls 'inspiration'