26-04-05

heuristic malware scanning can bug your network down

The Trend Micro update that wanted to kill all the Rbot viruses running around (some 9000 versions) with one heuristic code analysis took all the CPU power of the servers, machines and the network afterwards (http://isc.sans.org/diary.php?date=2005-04-25), and a Japanese rail network also had serious problems (http://www.japantimes.com/cgi-bin/getarticle.pl5?nn20050424a2.htm).

Firstly, it took more than 4 hours to correct the bug, and secondly, did TM do enough testing before releasing the upgrade? Anyone with network knowledge knows that the bigger the mass of information to scan, the bigger your scanning machine should be (as is the case with logs: the more you log, the faster your machine can be clogged by all those logs). Thirdly (a lesson we also learned), place your protection installations separately, so that if there is a problem you can follow the data streams and see where they pass and where they end (do not set a proxy before an antivirus before an IDS, etc.).

I know some firms are selling heuristic anti-malware appliances, but I think those are only helpful for normal networks to be hired to help clean up a totally infected environment, not to permanently protect a network.

14:00 Posted by technology changes fast not a lot | Comments (0)

Comments are closed.