Archive for May, 2010

Why desktop anti-virus isn’t enough!

Sunday, May 9th, 2010

I find myself particularly troubled by a piece of research published recently. Be warned before reading it yourself that it is fairly opaque, even for tech-savvy folks, but I wanted to comment on the implications.

In a nutshell, this paper describes a weakness that is present in virtually every desktop or server-based anti-virus product. It allows a rogue program to hide from the anti-virus software while running: the program presents innocuous code to the scanner at the moment it is inspected, then swaps the malicious code back in once the check has passed. It is a time-of-check to time-of-use race, and the scanner never sees what actually runs.
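To make the shape of that weakness concrete, here is a small added model of the race (example code written for this post, not code from the paper or from any anti-virus product). It assumes a hypothetical scanner hook that inspects a caller-supplied buffer and then lets the real handler consume the same buffer; the attacker's second thread is modeled as an explicit `between_check_and_use` callback so the result is deterministic, and the "signature" is a constructed marker string.

```python
"""Model of a check-then-use race against a scanner hook.

Constructed illustration only: looks_malicious(), execute() and the two hooks
are stand-ins, not any real product's hook or the technique from the paper.
"""

BAD_MARKER = b"EVIL"  # constructed stand-in for a real signature


def looks_malicious(blob: bytes) -> bool:
    """Trivial signature check standing in for a real scanner."""
    return BAD_MARKER in blob


def execute(blob: bytes) -> str:
    """Stand-in for the real operation that consumes the argument."""
    return "executed:" + ("malicious" if looks_malicious(blob) else "benign")


def vulnerable_hook(arg: bytearray, between_check_and_use=None) -> str:
    """Inspect the caller's buffer in place, then let the handler re-read it.

    The gap between the two reads is the window an attacker can race.
    `between_check_and_use` stands in for the attacker's second thread.
    """
    if looks_malicious(bytes(arg)):
        return "blocked"
    if between_check_and_use is not None:
        between_check_and_use()          # attacker swaps the buffer here
    return execute(bytes(arg))           # handler sees the swapped contents


def hardened_hook(arg: bytearray, between_check_and_use=None) -> str:
    """Snapshot the argument once; check the copy and hand the same copy on.

    Because the handler never re-reads caller-controlled memory, changing
    the original buffer after the check has no effect.
    """
    snapshot = bytes(arg)
    if looks_malicious(snapshot):
        return "blocked"
    if between_check_and_use is not None:
        between_check_and_use()          # swap happens, but is irrelevant
    return execute(snapshot)


def attacker_run(hook) -> str:
    """Attacker supplies benign bytes, then swaps in the payload after the check."""
    buf = bytearray(b"hello world")      # constructed benign input

    def swap():
        buf[:] = b"EVIL payload"         # constructed payload

    return hook(buf, swap)


if __name__ == "__main__":
    print("vulnerable:", attacker_run(vulnerable_hook))   # executed:malicious
    print("hardened:  ", attacker_run(hardened_hook))     # executed:benign
```

The fix is the boring one: capture the argument once, scan the captured copy, and make sure the real handler consumes that same copy rather than reading the caller's memory a second time. Any hook that checks in place and then hands the original buffer on has this window, no matter how good its signatures are.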

The paper describes specific methods of implementation, and it is reasonable to assume working implementations are in the wild as you read this.

I have long been an advocate of defense in depth for security issues. This one can be mitigated to a degree by network-based scanning that stops malicious software before it reaches a host, since the attack hides from the scanner on the machine where the code runs, not from a scanner that inspects the file in transit. Even that will not cover every scenario: there have not been many media-borne outbreaks lately, but the proliferation of easy-to-use flash drives, media players and external disks presents a clear path for infection that bypasses the network entirely.

My recommendation at this point to most customers is to verify that their network-based anti-virus scanning is actually functioning (for instance by confirming that a harmless standard test file such as the EICAR test file is caught at the gateway, rather than assuming it from the management console), and to ensure that there is a clear, enforced policy for the use of external media on company computers.