Antivirus Software Not Always Reporting When Software is Working, Study Says

Security solutions firm Promisec is claiming many computer systems are in danger of malicious attack because antivirus management consoles from leading vendors are not accurately reporting when their software isn't working.   

 

The New York-based company, a leader in clientless solutions to enforce the security, compliance and integrity of endpoints and servers, said its recent study conducted on thousands of endpoints clearly shows more than one-fourth of all computers were found to have missing or disabled antivirus software.

 

"It's a serious issue, and really a scary situation," said Gary Morse, president of Razorpoint Security Technologies in New York. "Companies rely on antivirus software and assume they're covered. However, we can show how antivirus tools can be missing or disabled on as many as a quarter of their computers.

 

The study, conducted from June 2008 to November 2008, of more than 100,000 computers across a number of industries, also claimed network administrators weren't being alerted to the problem by the vendors' management consoles.

”You've got a CIO sleeping well at night, thinking everything is secure when nothing could be further from the truth,” said Morse. “New viruses come out every day, and it could be just a matter of time before a disaster occurs."

 

The problem, according to the report, mainly stems from an internal issue:  employees have a tendency to turn off the antivirus software in hopes of making their computer run faster.

 

"What we're seeing are companies paying Symantec, McAfee (News - Alert), and others for protection that is only working about 75 percent of the time," added Alan Komet, vice president of marketing for Promisec. "But you're only as secure as your weakest link. The vendors' management console is simply not a good monitoring source. Really, the only way to monitor an agent-based solution is by using a clientless technology."

 

Still, in some instances, the antivirus software has not been deployed on certain computers, leaving them available to a host of maleware, spyware and Trojan attacks. To compound the problem, often the users interface continues to tell IT administrators everything is operating properly.

Promisec's has an agentless endpoint management product it recommends to provide complete, real-time visibility over these endpoints and servers at speeds of up to four seconds per machine. The company is currently offering free network inspections with the guarantee that if they don't find at least one potential threat on any endpoint in your organization, you can have Promisec Spectator for six months at no fee.