When the Homepage virus erupted last May, it was allowed to propagate because many of the foremost anti-virus companies had no signature in place.
We examine ways in which security managers might guard against the 'avoidable threat' of e-mail viruses.
Just when IT departments around the world recently began to 'rest easy', they were struck down yet again by another rampant e-mail virus. As the Homepage bug instantly mailed itself out through personal, PC-based address books, corporate organisations in the UK, Europe and across the globe were left having to deal with jammed servers and the unwanted spectre of costly downtime.

The Australian Parliament and the Swedish court administration system were just two of Homepage's early victims before it spread through Europe and America, forcing many corporate concerns to shut down their e-mail networks completely in fearful anticipation of what might follow.

A huge distributor of anti-virus software in the Asia and Pacific Region (the first region to wake up to the virus) offered Homepage a head start when its scanners failed to detect the little devil. Alas, they weren't the only ones. Many anti-virus companies spent the following day "offering upgrades to their existing software in an attempt to patch up the security breach" (The Guardian, 10.5.01).

So why did the Homepage virus spread so virulently? In fact, why did it spread at all? In truth, it would have been perfectly possible to capture this virus automatically, particularly as it was written with the very simplest of virus-writing 'kits'.

It didn't even tactically play with the weaknesses of human nature, as did the LoveBug and Anna Kournikova viruses some months previously (the latter offering the opportunity of viewing alluring pictures of the Russian tennis star, or indeed the promise of instant wealth).

The answer to this vexed question is that, quite simply, conventional software-based virus protection just isn't working. However hard traditional anti-virus vendors try to tell you otherwise – Eric Chien, chief researcher at Symantec, recently said: "We could produce software which stopped everything, but that would lead to legitimate applications being blocked" – there is an alternative which guarantees 100% protection.

The solution? Re-route e-mails and scan them for viruses at the Internet level, before they get within spitting distance of the corporate boundary.

Software never even enters the equation. Indeed, much of the software produced by traditional anti-virus vendors was conceived before the maximum potential of the Internet was realised, and is now simply out-of-date. There are far too many viruses out there for traditional scanners to be able to cope with them all on a daily basis.

In addition, anti-virus software itself is purely reactive in its nature: a signature, or 'fix', must be issued and downloaded onto the software before it can protect the user. Typical anti-virus software also operates at the desktop or server level, scanning for viruses at the point when any unwelcome visitors will have already nestled themselves nicely within the network.

Proactive approaches to detection
The whole subject of virus detection needs to be looked at with a fresh eye. It needs to be fundamentally proactive. Business system end users must have the burden of Internet security lifted from their shoulders instead of them constantly being taunted with that old mantra: "Update your software!"

Many anti-virus program vendors will say that they can provide 100% protection against all known viruses, but what real good is that to the end user? The definition of a known virus is one that has been ascribed to the aptly-named 'Wildlist', and which is therefore in current circulation. Any anti-virus vendor that can't protect its customers against one of these viruses isn't worth its salt.

What is far more telling is whether or not an anti-virus vendor can provide any kind of guaranteed protection against future viruses. Most of them cannot fulfil that objective.

Why, then, aren't the anti-virus vendors trying to radically improve the service they offer to their customers? Why, if indeed Internet scanning is so obviously the way forward, aren't they making the most of this situation and exploiting such a huge market?

The answer is simple. If they did so, they would undermine the very ethos of their system and product offerings, and with it their corporate identity. Although the goalposts have moved, most anti-virus concerns seem happy to keep on chipping away while assuring their clients that there's no other way to do business. "Until end users are willing to adopt more Draconian approaches, viruses will always be able to find their way around some types of scanner" (another quote from Symantec's Eric Chien).

When the Homepage virus struck on 8 May, it was allowed to propagate because many of the bigger anti-virus companies had no signature in place. This time lag is fatal. It was lucky that the Homepage virus had no serious 'payload', save for its ability to clog servers and take the unwitting user to a porn site.