The recent announcement from US company Akonix revealed a product will soon be available on the US market to fight the threat created by rogue protocols whose behaviour is difficult to control because they bypass the gateway security on e-mail many companies rely on for protection.
Akonix is unsure, however, whether its product will be released internationally, but hope to market to Australia soon. There does not appear to be a similar product on the Australian market.
The product detects if a message via IM or P2P contains a file, and if it does the program opens the file and scans it for viruses. It claims to work on all IM programs, and work independently of the username of the operator.
-Virus checking is important because with P2P and IM there is quite a bit of file-sharing going on, and that scares the hell out of a lot of IT managers," John Gaffney, vice president marketing for Akonix told ZDNet Australia.
IDC analyst Natasha David told ZDNet Australia with the increase in use of P2P tools such as MSN Messenger, ICQ and Devil i Australia, there would be a market for the product locally. -End user organisations are struggling with network security, let alone threats that exist when employees start using some of these services."
Joel Montgomery, spokesperson for anti-virus vendor Trend Micro agreed. -Anything that opens IM and scans it is good because it complements the total security strategy."
-A managed desktop solution will prevent any virus attack as the file is opened," he added. This illustrates the tack most anti-virus vendors have used to plug the IM/P2P security hole, by having an anti-virus program installed on every desktop automatically scanning files as they are executed.
As the Sophos virus information Web site points out though, this does not protect against the most common form of IM virus, which relies on users clicking on a link that opens a Web page with malicious code. The only way to prevent this is to patch any holes in the operating system.
If you use PC Cillin (am sure others can do this as well) and have web scanning turned on would this block this type of exploit? I guess it would depend on whether the product makes a direct connection by itself or can still be intercepted by the virus scanner in the same manner as a browser.
Businesses should implement rules on internet access which prevent access to IM, at a router or firewall, and filter web traffic thru an antivirus proxy server.