Virus Bulletin 2003 (Thanks, Helen, for digging up a copy for me! I can’t believe I didn’t keep a proofed version.)
David Harley; Fact, Fiction and Managed Anti-Malware Services: Vendors, Resellers and Customers Divided by a Common Language; Virus Bulletin Conference Proceedings, 2003. Copyright is held by Virus Bulletin Ltd, but the paper is made available on this site for personal use free of charge by permission of Virus Bulletin.
This paper was on a topic very dear to my heart, at the time: part of my job was liaising with a company to whom part of our security was outsourced, against my advice. That would be the part of the job description section labelled “in-house scapegoat”.
Not all of the assumptions on which the malware management ethos is founded have changed since the 1980s. The anti-virus research community is aware of changes in malware technology, and in malware-management technology and methodology, as well as changing patterns of deployment and end-user attitudes to the problem.
However, security software is not always sold or administered by experts. The end-user community (system administrators included) varies widely in expertise and perceptual accuracy, of course. Many organisations delegate their malware management deployment and maintenance to providers of managed services. Experience suggests, however, that a wide gap can exist between the expectations of the customer and the range and quality of actual services provided, especially as project scale and the complexity of the protected environment increase.
Do researchers, customers, and product resellers offering one-fits-all management services share the same perception of what a “complete” management solution is? Is the provider necessarily the best judge of best practice?
In this paper, we examine the full range of malware management functionality, and highlight some of the areas where dissonance arises between the customer’s expectations and those of the supplier.