McAfee preps 'worm-killer' VirusScan 

McAfee next week will unveil VirusScan Enterprise 7.0, its first major update to VirusScan in years that introduces newly combined desktop and file server protection as well as clear lessons learned from the massively destructive Slammer and Code Red viruses.

Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft Free IT resource Attend the SOA Executive Forum: Breaking SOA Bottlenecks SOAExecForum.com/may2007 Sponsored by InfoWorld

McAfee VirusScan Enterprise 7.0 features an on-demand memory-scanning ability dubbed "worm killer," which scans for potential viruses, worms, and Trojans and processes actively running in memory. Powered by a scheduled auto-update mechanism to update DAT files, the revamped security product can offer alerts or actively extract the process without system disruption, said Tim Smithson, solution marketing manager for Santa Clara, Calif.-based McAfee Security, a division of Network Associates.

Smithson described the recent fast-spreading Slammer virus as a "watershed event" that is altering the methods that anti-virus (AV) vendors implement to sniff out and eliminate lurking malicious code.

"AV vendors in general have switched onto the idea Slammer used this process … it didn’t do anything except go through memory," said Smithson. "Symantec and [McAfee] have produced stand-alone utilities to go out and clean up Slammer but that's not a long-term solution for customers. Going forward, they need to have a product that can handle this from the get-go."

By exploiting vulnerabilities within Microsoft SQL Server that countless administrators never bothered to correct through available patches, the Slammer virus ripped through the Internet on Jan. 25, 2003. The virus clogged the Web and other servers with a tsunami of information by assuming control of the host computer to designate its mass-flooding of bogus file packets. 

McAfee has recognized the heavy emphasis on consolidation occurring throughout the security marketplace, Smithson noted. The AV vendor has responded with mutual managed file server and desktop support within the latest version of VirusScan Enterprise.

The product addresses end-users' need to bolster performance and mobility.  A new risk-based scanning component allows customers to prioritize applications and processes to maximize resources. For instance, high-priority operations such as e-mail, Web browsers, and applications could be flagged as high risk and subject to rigorous virus-scanning, while software backup may not be as critical to secure at optimum levels.

 For the mobile or bandwidth-challenged user, VirusScan Enterprise offers a resume-based AutoUpdate feature that allows incremental updates of current virus definitions from the exact point of an interrupted download, as well as updates connection capability from both master and remote servers.

Despite the aggressive push by AV vendors to enable zero-minute elapse-time response and remediation to detect and wipe away viruses before havoc is wreaked, the security industry must overcome the challenge of understanding how complex systems operate before incurring changes, said Pete Lindstrom, a security analyst at Malvern, Pa.-based consulting firm Spire Group.

"I think the more automatic the better [for AV solutions], with the caveat being it can’t create more problems than it solves," said Lindstrom. "It's got to work, and that's always been a challenge on desktops where you have different flavors for different people. All sorts of folks downloading stuff off the Internet, different applications running that are deployed in bits and pieces in the enterprise -- so you have to be able to account for all little nuances to ensure you’re not messing up an application."

McAfee VirusScanEnteprise 7.0 will be available next week. Pricing for the product was not available.