Fear of viruses and poor AV protection growing

European businesses see a storm coming and very few trust their shutters...

The majority of European businesses are bracing themselves for a barrage of computer viruses which they fear are going to increase in frequency and destructive potential over the next decade. And few believe they have the protection in place to weather the storm.

Three-quarters of businesses surveyed said they believe viruses will become more dangerous, while two-thirds believe the frequency of attacks will increase, according to research conducted by MessageLabs.

Given the massive increase in virus activity over the past couple of years, Natasha Staley, information security analyst at MessageLabs, says it's very likely this alarming growth in malware will continue.

Of greatest concern to the antivirus industry, however, will be the fact that many businesses believe time is running out for companies whose protection from malware now lags worryingly behind the advances being made by virus writers.

According to separate research from the FBI, 99 per cent of enterprises have antivirus protection, and yet during 2003, 82 per cent were attacked by a virus, resulting in over $200bn in losses.

Therefore it is perhaps unsurprising that only 35 per cent of respondents to the MessageLabs survey expressed confidence in traditional antivirus software while 43 per cent said they are no longer confident about the protection it affords. Almost a quarter of respondents (22 per cent) said the changing face of virus threats means traditional antivirus products will be obsolete within the decade.

MessageLabs' Staley said much of the problem is because of the inherent "sacrificial lamb" approach to signature-based antivirus - the chance that somebody may 'need' to get infected with a virus in order for others to be protected.

"This research shows that customers are starting to lose faith in traditional antivirus solutions," said Staley. "It can be very frustrating for companies who are still getting caught out despite doing everything they can to protect themselves."

Much of the problem is with the rapid propagation of worms and the fact that traditional antivirus is inherently reactive. The 'Warhol worm', which spreads rapidly and enjoys '15 minutes of fame', has often done its damage long before patches have been put in place or a signature-based antivirus solution's database has been updated.

Often that process of updating signature files and putting a fix in place can take anywhere between six or seven hours and a whole day.

Security software firm Finjan, which claims to proactively stop viruses by scanning and monitoring all active content on a network, such as executables and other potentially malicious code, refers to this as a 'window of vulnerability'. In essence this window exists from the point a vulnerability is known until the point when it is fixed. Any exploit released into the wild during that time can cause serious harm to a business.

Nick Sears, vice president EMEA at Finjan Software, said: "Many of the current AV solutions are excellent at recognising and blocking viruses that currently exist, but cannot cope with new internet attacks."

The very nature of signature-based antivirus, at its most rudimentary, means there is always a danger some customers will be hit, in order for others to be protected.

Finjan's Sears added: "As a result, it is purely a question of luck as to whether you or your competitor is hit in this interim period."

Comments

There are 3 comments.

  1. Brian Burkill

    I think the problem stems here from home users, who have not got AV protection.

    The reason why many do not have protection is simply because you have to pay for it. Home users are reluctant to shell out cash, some because it involves paying for it on line.

    Big companies are usually the target for DOS attacks, which is what most of the viruses appear to be nowadays, and the attacks come from unprotected home users who have the virus.

    If AV and firewall software were free, and its research and upkeep financed by the big companies, then more home users would be prepared to install it, thus reducing the attacks.

    But until it is, then I think that the attacks will simply increase.

    • 7 July 2004 13:57
  2. Allan Shriver

    Where is the sanity in this? Are we really to believe that the IT industry which has come up with Windows, MacOS, UNIX, Linux, ERM, CRM, ad nauseam, is too DIM to work out how to stop spam?

    It is usually perfectly obvious, to anyone with half a brain, that an email is a spam (with or without a virus) by looking at the title and/or first line of the message (visible if message preview is 'on' - in Outlook anyway). Annual ISP charges are not insignificant to home users, so why don't they have people 'on watch' 24/7 for inbound messages which are obvious spam? Lazy? Profit-greedy? Don't-give-a-damn attitude? If they stop one inbound spam there, they can stop it from turning into 100,000+ outbound spams (since many spams [that I get, anyway]) seem to pick up email addresses from my ISP!!! Any ISPs out there with the balls to speak up want to answer that?

    Or if that's too 'human labour intensive' (ie costly) then why not develop some s/w that will spot emails with *.exe attachment and at least 'flag' them as such when they are sent to the email account holder? Then this feature (to allow/disallow attachments with executables) should be able to be activated/de-activated on-line by the email account holder.

    Secondly, Micro$oft is keen to give away s/w like IE for browsing, so why don't they give away anti-V s/w, too? They'd do their public reputation a WHOLE lot of good if they did. After all, it's mostly their hole-ridden s/w that allows spam to get through!

    How about it, M$, hmmm???

    ...or is security on PCs going to get so bad that we have to go back to using faxes and pen and paper, while the Internet goes the way of the Dodo???

    • 8 July 2004 10:34
  3. Barnendu Goswami

    Brian: I hear what you're saying; and I think this is a commonly held belief among professionals, and it may have been true for the most part, 2-3 years ago.

    The sad truth now is that it doesn't really control the initial 'hit' that most of the 'warhol' method style worms employ. AV protection is only good for damping the after-effects of an outbreak, because it isn't really intelligent (yet).

    I suspect the coming year will see some interesting (if rather late) advances in AV technology. Imagine an AV product that has a watchdog process for a list like the one that programs like 'HijackThis' produces...alerting the user when something new is introduced into one of those Windows 'nooks and crannies'. Methods like this were used in some of the less complicated OSs of the past, by the most effective AV solutions (I'm thinking back to the days of the Amiga and the 'Pseudo Ops' virus killer for example), but there's no reason a similar strategy would fail in an OS like Windows, but it's only going to work long term, if the checks and balances are intricate, paranoid, and reliable. Some of the protection has to come from the user/process/installation security around services and application install/uninstall. That's something Microsoft can look at, we already have most of it in place now, but applications still have the ability to weld themselves into the OS without necessarily forcing the app to register in a single user accessible interface (like the 'add/remove programs' interface in the control panel for example? - one which requests specific credentials from the user before commencing installation? - cripes, even the IT department would want that!). But even without that: a bit of proactive thinking on the part of AV writers will in my opinion, reap a lot of reward.

    • 27 July 2004 11:07
