
New antivirus software targets worm holes

"An ounce of prevention is worth a pound of cure." That's the principle driving Network Associates' new antivirus software, designed to spot holes before viruses can burrow into them.

Robert Lemos, Staff Writer, CNET News.com
Robert Lemos covers viruses, worms and other security threats.
Security company Network Associates unveiled on Monday new antivirus software designed around the principle "an ounce of prevention is worth a pound of cure."

The new program, called ThreatScan, is intended to add a proactive tool to the defensive technology now used by system administrators to protect their networks.

Current antivirus software scans for malicious code on potentially infected computers or in e-mail attachments, waiting until a virus or worm has already attacked a system to react to its presence. ThreatScan instead looks for the holes worms use to squirm past security and then alerts the network administrator of any that it finds.

As far as antivirus administrators are concerned, said Candace Worley, product manager for Network Associates' McAfee Security group, their job is on the line if there's a virus infection. "From (the administrator's) perspective, he needs to be more proactive about detecting vulnerabilities that could be exploited by those viruses," Worley said.

Last summer's Nimda and Code Red worms underscored the weakness in antivirus-software makers' vanilla virus scanners. The worms moved fast and had spread widely by the time most antivirus companies were able to update the signatures used to identify the rogue programs.

The worms also used well-known security holes to spread--holes that vulnerability scanners help seek out and identify.

"We kept getting asked by the AV administrators, 'How do I know what I don't know?'" Worley said.

ThreatScan identifies all the computers and, in some cases, devices on a network and reports which ones are susceptible to a virus attack.

However, the new product is limited to scanning only for vulnerabilities that are used, or may soon be used, by worms. In addition, it requires another Network Associates product, ePolicy Orchestrator, designed to help system administrators remotely manage a company's network.

ThreatScan is based on an existing technology for pinpointing security holes. Network Associates' Sniffer Technologies develops and sells a more general vulnerability scanner that can be used by network administrators to check for the types of holes that hackers could exploit.