Anti-Virus Vendors Spread Cures Faster than Disease

There is no doubt that computer viruses have taken a turn for the worse. No longer a few lines of executable code, the viruses attacking networks today are more akin to rogue applications. And as the complexity of viruses grows, so does the degree of potential damage.

In the first half of 1999, major viruses cost industry nearly $7.6 billion, according to a report by market research firm Computer Economics Inc.

Eva Chiang, CTO of anti-virus vendor Trend Micro Inc., says spending on anti-virus products rose as well, from $800 million in 1998 to an estimated $1.5 billion for 1999.

The Computer Economics report also states that the frequency of attacks will continue, and that the attacks will grow more severe. This is expected to result in longer downtimes and an impact on more employees.

"Expenses and time lost due to virus attacks will continue to grow, and the situation will get worse before it gets better," says Michael Erbschloe, vice president of research at Computer Economics.

To combat the more powerful, faster-spreading viruses, anti-virus companies recently have begun to take proactive steps to avoid the possibility of damage from a virus strike.

Network Associates Inc. (NAI) has the Anti-Virus Emergency Response Team (AVERT), a research division of NAI Labs. By studying new and existing security threats, AVERT serves as a resource for virus information and provides around-the-clock support for virus emergencies for its customers.

The company also posts frequent anti-virus updates on its Web site and maintains a virus library with information on more than 45,000 viruses, including where they come from, how they infect systems and ways to rid viruses from networks.

Last month, Symantec Corp. released Scan and Deliver, a component of Norton AntiVirus that includes automated macro virus analysis and repair technology jointly developed by Symantec and IBM Corp. This new technology will enhance Symantec AntiVirus Research Automation (SARA) by enabling virus cures to be created and, ideally, delivered faster than the malicious code can spread (see September 22 issue, page 8).

Scan and Deliver technology was introduced in the 5.0 version of Norton Internet to send suspicious files to the Symantec AntiVirus Research Center (SARC) for analysis and repair. Upon receiving a new macro virus from a user, the Scan and Deliver automated macro virus analysis and repair system replicates the virus. It then creates a virus definition and tests the repair on real infections. If the repair succeeds, it adds the virus definition to SARC's database and deploys the fix to customers.

Two weeks after Symantec announced Scan and Deliver, Trend Micro unveiled a new initiative -- the eDoctor Global Network -- at the Networld+Interop tradeshow in Atlanta.

EDoctor serves as a sort of virtual IT department that will help enterprises manage the threat of computer virus infection before it occurs. The solution is a network of people and products that is designed to keep companies up to date with anti-virus solutions and to create and distribute vaccines.

The eDoctor Global Network consists of 193 virus doctors worldwide. Chiang says the network can build a vaccine for computer viruses in about two hours and get it out to customers.

Many companies do not have the manpower to maintain their anti-virus applications, and so fall behind in keeping up with patches, updates and upgrades.

"Many organizations lack the security expertise to ward off the most powerful viruses," Chiang says. "This is not just about the equipment infrastructure, but also the people infrastructure."

Chiang adds that many companies are not spending money in the right place; they are not protecting the Internet entry point.

A recent International Computer Security Association (ICSA) Virus Prevalence Study reveals that e-mail and Internet downloads carry more than 32 percent of virus infections, compared with the 9 percent carried via downloads in 1996.

The obvious result of a lack of in-house expertise combined with the growing threat of Internet and e-mail to networks is that companies are more susceptible to attack.

"Prevention of systems attacks can only be achieved through adequately funding and staffing corporate IT security programs," Erbschloe says. "Very few IT security programs are supported well, and most budgets should be at least doubled to handle these attacks."

Since not all companies can realistically double their spending on security, outsourcing is a facet of these solutions.

Trend Micro’s eDoctor, for instance, is designed with an emphasis on outsourcing. Internet service providers, VARs and telephone companies will be some of the companies that offer eDoctor.

"Outsourcing security and anti-virus solutions is becoming an important trend, even for Fortune 500 companies, especially if it’s a self-contained project or chunk of work," Chiang says.
