[infowar.de] Cashing In on Virus Infections
Cashing In on Virus Infections
By Michelle Delio
02:00 AM Mar. 18, 2004 PT
After a recent epidemic of computer viruses that seemed much worse than
usual, security experts are questioning whether the antivirus software
industry is working hard enough -- or has enough incentive -- to develop
and better ways of stopping nasty software.
Over the past two months, dozens of variants of the MyDoom, NetSky and
viruses have infected computers around the globe. While sales of
software are at an all-time high, the malicious programs still spread
In a recent study by the Department of Trade and Industry in the United
Kingdom, 93 percent of smaller companies and 99 percent of large
said they use antivirus software, and close to 60 percent of firms
their antivirus software automatically to keep up with new virus
But computer viruses still managed to hit 50 percent of the smaller
and infect 68 percent of the larger companies' networks in 2003.
Some experts charge that the $1.4 billion antivirus industry is content
perpetuating a business model that is profitable for the companies, but
onerous for the user. Most antivirus solutions require users to
for an annual fee. In return, users get to regularly download "signature
file" updates that identify the latest malicious code.
Usually, it takes the antivirus software companies a couple of hours to
develop the files after a new virus is spotted and analyzed. It may take
another day or so for computer users to download the update and
themselves against the latest virus. But meanwhile, a virus can make its
around the globe in just minutes, propelled by users' clicks on
"The signature model is totally outdated and virtually useless," said
Sweeney, owner of the network-security consulting firm Packetattack, and
author of several books on systems security for technology
"But bottom line: Signature files are profitable. You have to have a
subscription that they charge either a monthly fee for or an up-front,
once-a-year fee. That makes for a nice tidy revenue stream."
There are alternatives to the signature-file model of detecting and
viruses. For example, integrity checking builds a database that
the uninfected programs and files on a PC and blocks all attempts to
them. Heuristic scanners evaluate a program's code to anticipate
intentions. The downside -- from the software companies' point of view
that these types of programs would not require updates as frequently as
signature-file programs, so it would be harder to justify an annual
"What you have now is antivirus technology that has been fossilizing for
years," said George Smith, a senior fellow with GlobalSecurity.org. "All
technologies outside of signature-based scanning were effectively driven
from the market in the last decade, as far as the average person or
is concerned. This was a conscious war prosecuted by the market leaders,
have enforced a stagnant technology base. Antivirus technology
is now a radioactive no-man's land."
Ken Pfeil, chief security officer at Capital IQ, a financial services
in New York City, said he can't guess the antivirus vendors' motivation
not moving to a more effective product, "but one would venture to guess
enough noise has not been made from the customer perspective to justify
shifting their business model from reactive to preventive."
In defense, representatives of antivirus vendors say the signature-file
model is the simplest for users. The other models sometimes demand a
sophisticated understanding of PCs and software, and require fine-tuning
settings to reduce false alarms. Even with expert tinkering, heuristic
integrity-checking products tend to produce far too many alerts for
users. The companies say users would rather have the software work
automatically in the background without the need for user intervention.
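The trade-off between the signature-file model and integrity checking, as an added example that is not part of the original article: a signature scan misses a variant that is not yet in its update file, while a hash baseline flags every modified file, including an ordinary user edit (the false-alarm cost the vendors cite). The file names and marker strings are constructed, and this sketch only reports changes rather than blocking them.

```python
import hashlib
import tempfile
from pathlib import Path

def build_baseline(root):
    """Integrity model: record the SHA-256 of every known-good file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def verify(root, baseline):
    """Report every difference from the baseline; needs no knowledge of any virus."""
    current = build_baseline(root)
    return {
        "changed": sorted(f for f in baseline
                          if f in current and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }

def signature_scan(root, signatures):
    """Signature model: flag only files containing an already-catalogued pattern."""
    root = Path(root)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and any(s in p.read_bytes() for s in signatures))

def demo():
    # Constructed data: inert marker strings stand in for virus code.
    known, unknown = b"CONSTRUCTED-VARIANT-A", b"CONSTRUCTED-VARIANT-B"
    signatures = [known]  # the update file has not caught up with variant B
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "editor.bin").write_bytes(b"clean editor")
        (root / "mailer.bin").write_bytes(b"clean mailer")
        (root / "notes.txt").write_bytes(b"draft 1")
        baseline = build_baseline(root)
        (root / "editor.bin").write_bytes(b"clean editor" + known)
        (root / "mailer.bin").write_bytes(b"clean mailer" + unknown)
        (root / "dropped.bin").write_bytes(unknown)
        (root / "notes.txt").write_bytes(b"draft 2")  # ordinary user edit
        return signature_scan(root, signatures), verify(root, baseline)

if __name__ == "__main__":
    hits, report = demo()
    print("signature hits:", hits)
    print("integrity report:", report)
```

The signature scan names what it found but sees only the catalogued variant; the integrity report catches both variants and the dropped file, but cannot tell the infected files from the edited notes file without a human decision.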
"Signatures are user-friendly," said Joe Hartmann, director of antivirus
research for Trend Micro, the third-largest antivirus software vendor.
don't require users to make decisions that require technical background
knowledge. An exact virus signature can allow the antivirus software to
perform automated virus removal without harming the system.
"And signatures are convenient," he added. "Most users want to know what
attacked their system, what actions were taken and how to remove the
malicious code from the system automatically. If we focus only on
and generic technologies, we would increase the risk for potential false
alarms and increase the skill requirement to properly use the product or
Many antivirus programs now incorporate heuristic scanners to some
which provide proactive protection against virus and worm activity
the need for updates to protect against new viruses. But antivirus
developers said most users don't like full-fledged desktop heuristic
"Antivirus companies do not offer subscription-based product-delivery
because they are the most profitable, but because they can provide a
level of protection against the ever-moving threat of viruses, with the
least amount of hassle for end users," said Chris Belthoff, senior
analyst at Sophos, another antivirus vendor.
Some independent security researchers agreed that traditional
signature-based antivirus solutions shouldn't be dumped completely,
that the software does a good job of protecting against known viruses.
"I won't rush to ignore signature-based protection," said Richard Forno,
security consultant. "Yes, it is a reactive rather than proactive
but the system I have on my mail server blocks at least 95 percent of
worms and Trojans."
In addition, Forno said the blame doesn't rest on the antivirus
alone. He pointed out that most e-mail programs, like Microsoft's
and Outlook Express, have bells and whistles that allow malicious
to launch itself and easily alter the operating system, as well as
quickly to other computers. If the e-mail programs were stripped down
had fewer hooks to the operating system and other files on the computer,
much of the virus problem would go away.
Jimmy Kuo, research fellow for McAfee Avert (Anti-Virus Emergency
Team) at Network Associates, agrees that e-mail programs have gotten too
"The simplest way (to prevent viruses) is a text-only e-mail system,"
said. "It would be helpful if one was provided with every computer, so
people could devolve from the glitzy versions if they so chose."
In addition, e-mail attachments would have to be decoded outside the
program, so users would have to take extra steps to open files,
spur-of-the-moment clicking that leads to network havoc, he said.
But Kuo doesn't expect any widespread rush to text e-mail programs. In
general, he noted, given the choice between security and functionality,
functionality will always win.
"Most people will choose the easy-to-use system," he said. "Easy also
it's easy to make mistakes and that the system is easy to exploit."