Users lose confidence in AV software

The arrival of the Gokar worm last month highlighted the limitations of signature-based antivirus (AV) software, which fails to recognise and prevent new viruses.

"We had five different AV systems running on our network and the Gokar worm went through all of them," said Bernie Dodwell, marketing director at IT distributor Allasso.

"The problem is that most of the software available today is reactive and not proactive. They are signature based and are linked to a database. If a new virus comes along that it does not recognise it will get through," he added.

Analyst firm Gartner said in a report late last year that signature-based virus detection at the desktop is dying, and that traditional desktop virus detection and management methods have become increasingly outdated.

Nick Sears, general manager at Israel-based security software manufacturer Finjan, which designs policy-based analysis security software, said: "AV software is useful, but its value is decreasing because the more attacks that occur the less willing companies are to pay for AV software that does not stop new attacks.

"With current AV software someone will always be hit by a new virus because manufacturers have to create a fix after the attack. Proactive software is needed to detect viruses before they strike."

He added that policy-based inspection software is vital if new viruses are to be prevented. AV software needs to analyse the behaviour of the virus code and determine what it will do when it hits the desktop.

Jack Clark, product marketing manager at McAfee, said there will always be a place for signature-based virus detection systems, but as the number of viruses increase so does the need for new ways of preventing attacks. "All AV companies should have started work on heuristic detection methods by now," he said.

But Sears claimed that heuristic systems, which perform intelligent guessing, could result in genuine, clean messages being blocked in the effort to keep viruses out.

Clark defended the heuristic approach, however. "This is more than just guess work and it is not always 100 per cent heuristic," he said.