FireBreak is not an AntiVirus System.
FireBreak AntiWorm is an Intrusion Suppression System. It helps your AntiVirus systems work better by bridging the definitions gap. FireBreak impedes worm traffic and alerts you to the presence of worms without definitions.
Signature-Based Virus Detection at the Desktop is Dying
The signature-based desktop antivirus software used by most enterprises provides marginal value today, and that value is steadily decreasing. Gartner believes that enterprises should begin to augment and eventually replace signature-based techniques with more-robust approaches. Enterprises that don't will be swamped by malicious software riding the coming wave of Web services.
-- Arabella Hallawell & John Pescatore, Gartner, August 31, 2001
How do AntiVirus systems combat worms?
Antivirus systems intercept file-open and other operations on a system, and look for the "signature" of a virus or a worm. If the signature is found, the software blocks the file-open attempt, preventing the contamination of the single system in question. AntiVirus systems are a critical part of a defense-in-depth strategy for the modern enterprise network. However, AntiVirus has an Achilles heel.
AntiVirus systems need definitions to recognize a virus. Worms spread faster than definitions can be developed, tested, released, and deployed. This is The Patch Gap.
How effective is AntiVirus against worms?
The short answer is: not very.
To provide network-wide protection, antivirus products must be installed directly on all vulnerable systems. Antivirus products must know the signature of a virus or worm before they can block it, and thus require frequent updates to the "antivirus definitions" which allow the product to recognize the threat.
Worms and bots exploit The Patch Gap by probing the network directly, looking for unpatched systems. The worms spawn dozens, hundreds, or thousands of variants, and spread like wildfire within minutes of release on the internet. It's not possible for AntiVirus definitions to keep up.
In the past few years, the number of worm variants has grown steadily, with some families of worms spawning literally thousands of variants - dozens per day. Many of these worms exploit the same security holes, but sneak past AntiVirus definitions by changing their "signature" faster than the AntiVirus vendors can respond.