Over the past year, businesses may not have seen the same high-profile worm, virus, and other malware attacks that made headlines so often in the past. According to computer security experts, that's not necessarily good news -- in fact, it's a sign that more firms today face a stealthier, and far more dangerous, type of malware threat.
"Virus/malware writers are not trying to create 'big outbreaks' anymore. They are trying to only infect a small number of systems to steal online banking data, to send out spam, and so on. Malware is used today to make money -- lots of money," says Andreas Marx, the CEO of AV-Test.org
Open Source Anti-Malware?
Given the speed at which modern malware attacks spread and what's at stake for firms targeted by this new generation of profit-seeking malware developers, anti-virus software is more important than ever. And while the anti-virus software market has long been the preserve of sophisticated, and highly proprietary, software vendors capable of maintaining dedicated research teams and around-the-clock monitoring networks, one of the most highly-regarded new malware-fighting tools is actually an open-source software project: Clam AntiVirus, an email gateway anti-virus tool first developed for Unix systems that is now gaining a much higher profile in the enterprise IT world.
Compared to more mature anti-malware products, ClamAV still lacks some key technical features -- a fact that its commercial competitors are quick to note. "Clam AntiVirus is a very young product. There is still a lot of development time required by the Clam folk before it can be compared 'apples to apples' against seasoned anti-virus products," said Shane Coursen, senior technical consultant for international anti-virus and network security vendor Kaspersky Lab, Inc.
Yet such criticism is both understandable and surprisingly mild, given the fact that ClamAV, started in 2002 as an offshoot of the OpenAntiVirus project, is a relatively young project. And while the project's key developers acknowledge the product's shortcomings, they also note that it offers some key benefits for firms that face many of the same threats as the largest enterprises, yet lack either the in-house resources or the pull with commercial vendors to protect themselves as thoroughly.
ClamAV, for example, is renowned for is speed in operating performance as well as for its development community's ability to respond quickly with new anti-virus signatures when a new malware threat appears, thanks in part to a unique database update mechanism based on domain name system (DNS) queries. This tool, dubbed freshclam, checks a special TXT file record to look for new databases and software updates. "That's a very effective technique, and Clam AntiVirus was probably the first anti-virus [software] to use it," says Tomasz Kojm, a computer scientist in Poland, who started Clam AntiVirus and today maintains it as its project leader.