David Harley National Health Service Information Authority
Fact, fiction and managed anti-malware services
Not all of the assumptions on which the malware management ethos is founded have changed since the 1980s. The anti-virus research community is aware of changes in malware technology, and in malware management technology and methodology, as well as changing patterns of deployment and end-user attitudes to the problem.
However, security software is not always sold or administered by experts. The end-user community (system administrators included) varies widely in expertise and perceptual accuracy, of course. However, many organisations delegate their malware management deployment and maintenance to providers of managed services. However, experience suggests that a wide gap can exist between the expectations of the customer, and the range and quality of actual services provided. This gap tends to widen as the scale of the project and the complexity of the protected environment increases.
Do researchers, customers, and product resellers offering one-fits-all management services share the same perception of what a 'complete' management solution is? Is the provider necessarily the best judge of best practice?
In this paper, we examine the full range of malware management functionality, and highlight some of the areas where dissonance arises between the customer's expectations and those of the vendor.