When it comes to IT security, FUD (fear, uncertainty, and doubt) is more than just the tool of overhyping vendors hoping to sell their next big thing. It is the reality that seasoned IT security pros live in, thanks in large part to the -- at times gaping -- shortcomings of traditional approaches to securing IT systems and data.
The truth is most common IT security products and techniques don't work as advertised, leaving us far more exposed to malicious code than we know. That's because traditional IT security takes a whack-a-mole approach to threats, leaving us to catch up with the next wave of innovative malware, most of which rolls out in plain view on the Internet.
Until we solve that problem -- that is, when a critical mass of people wants to end this issue -- we will devise, deploy, and depend on security solutions that will never keep us as safe as we need to be, given the daily escalation of malware aimed at compromising our systems and extracting valuable data.
In the vein of forewarned is forearmed, here are 10 common IT security practices and products that are not guarding your systems as well as you think.
Security fail No. 1: Your antivirus scanner won't uncover real network killers
The traditional, all-in-one antivirus scanner as we know it was invented in the late 1980s. Before that, if you suspected you had a particular malware app, you located a detector program built specifically for that malware and ran it. If you found the malware, you looked for its companion removal program. John McAfee's ViruScan and VirexPC were among the first all-in-one antivirus programs created, moving us beyond the single-malware, single-solution era.
Back in the early 1990s, these all-in-one programs, now known as antimalware scanners, could reliably detect every one of the dozens of viruses, worms, and Trojans in the wild. At the time, I volunteered for the PC Antivirus Research Foundation, started by Paul Ferguson, now of Trend Micro fame, disassembling and testing newly found computer viruses. I remember everyone thinking antivirus programs had become so accurate and freely available that we all assumed computer viruses and their ilk would be gone in a couple of years.
Boy, we were wrong. The professional bad guys now put out hundreds of thousands -- if not millions -- of new malware programs each month, far too many for any single antivirus program to reliably detect. This persists despite claims from nearly every antivirus vendor that they reliably detect 100 percent of the common malware submitted to them. They can show you their multiple awards attesting to their incredible accuracy, but reality argues otherwise.
Every one of us is constantly faced with new malware that our particular antivirus engine doesn't detect. It's not a rare event. If you've ever submitted a malware sample to one of the multiple-engine checking sites, like VirusTotal, you know it's fairly common for antivirus engines to miss new outbreaks, sometimes for as long as days. Weeks later, antivirus engines can still miss a particular Trojan or worm.
I don't blame the vendors. With literally more bad files in existence than legitimate files, antivirus scanning is a tough job and begs for whitelisting programs. The vendors have to store database signatures for hundreds of millions of devious, hidden programs and detect brand-new threats, for which there is no signature, all the while not slowing down the protected host's operations.
While the Internet is too scary a place to go without antivirus protection, antivirus programs have long since stopped being the reliable tools their vendors tout them to be.