Guest Column | September 4, 2014

7 Things Your Antimalware Offering Must Do

By Shaw Droker, President, Global Consulting ASCII member since 2000

Shaw

You would be hard pressed to find an IT professional who does not offer an antivirus solution to their clients; but it is just as crucial to have a solid antimalware offering for your users. 

Malware accounts for significant capital losses in the current dangerous technological environment. According to a recent study, repair and cleaning of a single infected computer can cost a business $3,000 per day for up to 30 days.  Those numbers exclude the hidden costs of lost productivity and revenue. 

And the potential loss of data and potential for liability suits from security hacks is immeasurable. 

When searching for the best-of-breed security products, there are many vendors out there with varying product features. But whichever you choose, there are a few things that you simply must consider.

  1. Does it work automatically? Several features should be automated in any good protection offering. Some of the most important ones for an antimalware product are automatic updates of detection files, scheduled scans, and “always on” monitoring.  Malware protection, like virus protection, should be mostly “set it and forget it.” And all of these items should happen regardless of current user system access rights. Also consider that new engine version upgrades should be an automatic process, though a quick request of the user to change versions is not a bad idea. There may be times that you do not want a new version of the engine installed based on your own internal testing procedures.
  2. How often are new malware detection lists released? I like to rely on a product that has at least daily malware definition file updates. The “bad guys” are working hard to break through our defenses. It is important to have protections that update themselves frequently.
  3. Does it have rootkit protection? Rootkits may be the most dangerous type of malware.  They certainly are evil and difficult to remove once they have invaded. Your malware protection offering should include protection against rootkit infection, and removal tools should the worst happen to your users. Since it is never a bad idea for protection software overlap, having an antimalware product that protects against, and removes viruses, worms, Trojans, and other spyware is perfect.
  4. Does it come from a large, reputable company? As you would with any important decision, ask your colleagues. What do they use? Having the backing of a large vendor is critical in deciding what to offer your clients. Technical support of course is one reason why you want a good solid vendor relationship. The bigger the manufacturer of your malware product, the bigger their sample size of malware is going to be and, therefore, the safer you will be with their malware detection blueprint.
  5. Are zero-day heuristics a part of the protection strategy? Zero-day attacks are previously unknown attack vectors not yet specifically addressed by developers.  Heuristic algorithms help a protection program to recognize those items that are not specifically coded for in the protection product. A great antimalware offering is one that uses a heuristic engine to help protect even when a threat is brand new to the world.  Let’s face it, new attacks are born every day if not every hour. No product can be up to the moment for all new threats.
  6. Is malicious website protection included in your product? The single most common way to get nasty malware on a system is to visit an infected site. Often, by the time your protections have notified you of an invasion, the damage has already begun. Your antimalware package should include monitoring of known and zero-day malevolent web sites and malicious threats.
  7. Self-protection is key.  Much of the virus and malware in the wild now is smart enough to immediately attack and disable those protections you have installed for your clients.  Some protection products these days have special features to help protect themselves from these direct attacks. Some of the top tier products even have ways to scan and remove damage after the fact. Since you may not be able to download or install a removal tool once the system is infected, having preinstalled but stealthy removal tools is important as well.

And don’t forget your own computers. We are all susceptible to attacks. As IT professionals, we should be following our own advice on protecting our assets. If we are not, we risk spreading infection to our clients and their computers.

In this technically advanced world, money is being made by controlling and infecting innocent computer users. It is difficult to be completely protected. But by following these seven simple steps, and doing your research before deciding on a protection offering, you can be ahead of the curve in providing your customers (and your own machines) with the best protection available.