By Will Sturgeon, 5 March 2004 16:15
The UK government has released research that will make unpleasant reading for some in the antivirus industry.
A survey from the Department of Trade and Industry revealed that 68 per cent of large companies were infected by viruses during 2003, despite the fact that 99 per cent were using antivirus products.
Chris Potter, security analyst at PricewaterhouseCoopers, who co-wrote the survey, said: "Antivirus software alone is just not enough anymore."
This is not the first time that signature-based virus protection has been criticised. It is seen by many as being far too reactive, meaning there will always be victims before there are solutions and fixes.
And in the wake of 'Warhol' worms - those that have '15 minutes' of destructive fame - such reactivity is easily exposed.
Potter added: "While almost every UK business has antivirus software in place, the incidence of attack is rising. With new viruses like MyDoom and Netsky sweeping the world within hours of their release, software is only as good as its last update."
Mark Sunner, CTO of MessageLabs, said: "The most effective solution is a proactive and continuously updated managed service that stops known and unknown spam and virus threats at the internet level, before they ever reach corporate networks and end users."
While some companies surveyed reported little or no damage resulting from an infection, some said an attack had often resulted in very costly remedial work and disruption that ran to more than one month.
Comments
There are 18 comments.
1. anonymous
Anti-Virus software is not enough.
PCs need a personal firewall as well.
If a worm (called virus by some people) doesn't get written to disk - traditional AV software will not catch it.
Worms spread by the network - so network protection (a personal firewall) is needed.
It is best to get a combined personal firewall and Anti-Virus - to avoid incompatibilities and save money.
2. anonymous
Having (or not) anti-virus software protects against the majority of viruses, but the other problem is the users themselves.
When a virus does manage to get through the software, the user opens the file, instead of deleting it.
How hard can it be - Email with attachment, sender unknown, subject either too common (i.e. fwd: see this) or unknown - select & delete.
The anti-virus corporations are doing their best to keep their software up to date, but it takes them up to a few days to analyse the virus and update the software, by which time, thousands of users have opened the file and infected their machines.
3. anonymous
I removed my anti-virus software from my home PC over a year ago and shock horror, I haven't been infected. Complacency? No. I just make sure that I use things that actually address the problem, not the symptoms.
AV software is a scam, it doesn't do what it says on the tin, proving that with good PR and marketing there will always be enough mugs who can be easily parted from their money!
4. Tom Steemson
It's been said before, but it's not sinking in. Any AV is only as good as its last update. If AV applications are only being updated once a week (a well known market leading brand!) then it's potentially open to evasion in a corporate environment. With up to four or more signatures available on a daily basis, a managed service is what's required. Anyone relying on desktop protection alone should not be surprised when they still get infected.
5. Eur Ing Christopher Thoday
This is all wildly absurd. The huge spate of viruses this year simply exploits a design fault in Microsoft Outlook and Outlook Express which has been about for years. There is absolutely no need for an e-mail client to execute any attachment whether the user clicks on it or not. It is trivial for mail transport agents, such as Postfix or Exim, to filter out such attachments. However, the real problem is why Microsoft have not been required to solve this problem. I have written to the DTI to try to find out why consumer protection legislation does not apply to software but have not had a reply.
6. Chad Lone
3 Steps to Protection:
1. Firewall Protection
2. Keep up to date on Windows Software patches
3. Anti-virus software
Since most viruses are meant for windows software holes, keeping up to date is vitally important and will defend itself.
These steps implemented properly will lead to great success in defending against the spread.
7. David Gaskill
Surprise, surprise...
The DTI report has simply confirmed that anti-virus software is good for nobody but the manufacturers. To give these gentlemen their due it's not possible for them to produce an effective product without the gift of second sight - maybe they should try employing mediums...
I've never had anti-virus software and I've never had a virus, (before you ask, yes I do check).
The answer is simple; sack anyone that opens an attachment that contains a virus. How do you know "who did it?". Not too important. Just make it clear that anybody who opens a virus can be traced even if it's not true.
In the meantime the anti-virus companies can do something useful for once and develop software that can trace who did it...
David
8. anonymous
There are a few parts to this problem:
1/ Operating systems are not completely free from holes in programming - the more functionality on a system, the more likely there is to be an exploit;
2/ User education is minimal in a large number of companies;
3/ Unless you have your anti-virus set to holistically check all inbound connections, it will be unable to find unknown viruses.
The only way to completely fix the problem is by addressing these points.
9. Ginette Gower
The real issue with anti virus is that organisations do not have a vulnerability strategy behind their implementations. Doing so they can save thousands of pounds in wasted time, problem installations and management issues. A properly researched, planned and implemented Anti Virus Solution is three times more likely to avert a serious Virus disaster than an off the shelf solution. This translates directly into tens of thousands of pounds saved which would have otherwise been spent on repairing infected systems and troubleshooting problems.
When facing a virus outbreak customers do not want to be concerned that their Anti Virus system is up to the job. What is needed is peace of mind that the network has been protected by Anti Virus solutions chosen, installed and configured by experts.
My company took advice from AVR www.antivirusreseller.co.uk who are vendor independent and unbiased but with top virus software engineers.
10. Bob Robinson
If the AV industry focused its attention on the ISP mail servers and tracing on first detection then the solution could be solved. There would be too high a risk of the virus writers getting caught.
As soon as a few successful prosecutions were publicised the AV industry would have to re-focus its business plans to other ways that our PCs need protecting. Or perhaps writing better email software. There would be little need for AV software.
What chance is there of the AV industry cutting its own throat?
The solution is perhaps for government to fund a university research project to solve the problem, then provide the solution to all ISPs and email forwarders in the UK for a reasonable fee as the carrot, and a threat of prosecution for failure to take reasonable precaution against spreading viruses as the stick.
11. Bill J
Here is a possible solution. If you guys really want to stop this BS, go after the hacker/virus-writers with their own tools. Find those PCs that aren't protected, that the hackers are using to disguise their IP numbers and hack them. Install logging software that logs any inbound IP numbers that aren't associated with outgoing calls. Start tracing back those IPs. You can bet the hacker's PC will be fully locked down. When you hit one you have a possible hacker. Discuss!!
12. anonymous
Why don't the ISPs filter out virus as soon as they are recognised?
Why do companies and individuals have to protect themselves when the viruses could be stopped by ISPs?
I think the problem is that ISPs would become liable to their customers if they failed to spot viruses. As soon as they do take responsibility they may be opening themselves to claims from companies or individuals suffering financial losses.
Peter S
13. saint
ISPs do filter viruses known (and unknown) where I live.
I work for an ISP, and we were the first in the city to invest in a viable antivirus solution. We also were the first to filter spam. We are a small ISP and it has been a huge financial drain on the company to do so, especially since w32.beagle circumvented our filters, along with every client-side software for a while due to it being in a zip file. We have multiple mail servers scanning every file that comes in. Across our small userbase, the hardware requirements are still quite high. We could also block all .zip or .zip w/ passwords, but that cripples legitimate use of attachments beyond repair. In my opinion, it is the ISP's responsibility to a degree (ie: blocking the port used by blaster during the few first weeks) but users have to take an interest. Everyone assumes if they don't change their oil in their car they will be in trouble - so why does nobody extrapolate that to the other complex devices in their lives? Listen to the simple maintenance rules and you will be in much less danger than recklessly installing every piece of mal-ware, and opening every attachment that you weren't expecting. It's also Microsoft's responsibility. It took them 8 months to fix a known vulnerability recently which is ridiculous.
Just as with everything else, it's not going to fix anything by placing the blame on one party. "Where were the parents at?" No, what are you doing on your high horse, blaming the parents when the child is in need? Do what YOU can to aid the situation, because you're the only person you have any guaranteed control over. If your mom gets viruses, set up auto-updates for antivirus and windows update. Install spyware blaster for her, and ad-aware/spybot as an extra bonus. Do what you can - don't wait for someone else to screw up and then blame them for it.
14. Paul Tanner
Get ready for Web-borne viruses
I am now advising an extra level of protection: Disable ActiveX controls on web browsing.
This is quite inconvenient as a lot of sites assume you have this enabled. (It's default for most browsers.) However, viruses can and do get in that way if you accidentally surf to a malevolent web page.
The virus checkers that handle mail will not see these pests until a full scan, if at all. So watch your backs.
15. Adrian Carter
I'm no expert in virus technology but the landscape does seem to have changed over the last few years. When I first started using computers more than a few years ago, the common problems seemed to be viruses that were spread via removable media such as floppy disks, CDs etc. Nowadays the proliferation of email based viruses can be held at bay with the application of a little common sense, a point which has already been raised here.
I'm just wondering if we will ever see the return of the stealthier 'boot sector' viruses and the like. I guess whilever a threat of that nature exists unfortunately common sense will never be enough to keep systems safe.
16. Roger Foden
You don't have to use Microsoft Windows.
That simple step will enable you to avoid almost all virus attacks.
17. neil
Anonymous wrote:
> I think the problem is that ISPs would become liable to their customers if they failed to spot viruses. As soon as they do take responsibility they may be opening themselves to claims from companies or individuals suffering financial losses.
That's a good point.
The other danger is that a good email will be filtered by mistake, "a false positive." Instead of delivering the good email, the ISP will throw it out and get into trouble.
18. anonymous
"software is only as good as its last update."
This is news?
The technically aware of us have known this forever. And we are also aware that AV is only one component of the battle for the integrity of PC security.