These were the words that came out of representatives of Symantec, TrendMicro and Eset (mostly talking about Microsoft) during an industry panel on ‘Protecting your endpoint Security Assets’ at the SecureWorld Expo held in Detroit, MI this month. The question was, what would you suggest we do, if you know that an infected computer (that was then disinfected by their AV software) is entering your network. Symantec answered the question stating that we do not allow any such end point to enter our network again and order a complete wipe-out of the system. TrendMicro joined in, reinforcing the statement from Symantec and added that if it was the system of a receptionist or someone whose machine does not carry significant data, they would just do the routine disinfection but all others who are working at a higher level in the organization would have to start over again. He also added that disinfection is a good routine, but the old practice of restoring the clean files would be the best way rather than disinfection. Eset claimed that this is the standard practice at Microsoft and is part of the policy if an infection has occurred.
How practical is this solution? Can we safely doubt that they are re-instating that once infected, never clean? When these companies provide disinfection routines, what are they aiming to do? If they think wipe-out is the answer, but it is not an answer for insignificant roles, should their home user customer or small business customer think that they are not completely protected and that their data is insignificant. When an infection is detected by eScan, we do delete the infection, but sometimes files have to be restored and a disinfection routine is a must. Small businesses have very limited budgets to have multiple back-ups and their data is highly important to them for them and so, is their time. Time is money, time is business and a call to Wipe-out” means loss of time and money, escpecially if the business is able to budget only so much time when the machine is not available or limited monies for the wipe-out to be done and complete restoration.
There was another discussion about blocking applications or websites that will introduce threats on the PCs and all three companies were discussing about ways that these threats are being prevented. One person in the audience asked; why not block social networking websites and other non-productive websites, as a preventative measure. Symantec rep was totally against it, TrendMicro rep was for it but said that it was not practical, and Eset took the same stand as TrendMicro. The point I am trying to make is, isn’t this a social responsibility of these companies to educate their customers? We always educate our customers that it is important that they are careful while visiting these sites, which are prone to download infections/ threats and have ways of entering through the firewalls and also extracting information. eScan also provide ways through our software for our customers of all shapes and sizes to customize this. Isn’t the saying still true “prevention is better than cure” and isn’t it moral and ethical for the Branded Security Software Companies to follow this rule??