ISPs should open your mail

Over the past five years the internet has changed vastly from its academic origins to become the lifeblood of global business communications. Unfortunately, while the obvious benefits associated with such connectivity have been well-documented, the honeymoon period is now over.

The chaos and cost of the Love Bug revealed just how much security policy, and in particular virus protection, needs to be a fundamental part of business strategy. The Love Bug virus brought companies around the globe to their knees in a matter of minutes, shattering all traditional methods of virus protection with it.

The problem with e-mail borne viruses is that they travel so quickly. By incorporating self-propagation capabilities, they can spread around the globe in seconds. The problem with traditional anti-virus software is that its effectiveness is based on the premise that it recognises the code of the infected e-mail and matches the code against its own database of existing viruses. The software works in much the same way that a supermarket cash till scanner recognises a barcode.

Which asks the question: how can the anti-virus software detect viruses which contain code not programmed into the software's database? The answer is: it can't, and businesses suffer the consequences of what can only be termed a leaky system. There is a dangerous window of exposure between the release of a virus and the time it takes an anti-virus company to develop a fix and alert all end-users to update their systems.

The key to virus protection thus lies with positive prevention rather than reactive remedies. Heuristic scanning offers a reliable alternative to traditional anti-virus software methods. Heuristic scanning uses signatures to detect known viruses but also checks samples against its knowledge base of possible virus code and virus-like behaviour. A slight twist or quirk in the code of a virus gets past anti-virus software easily but using heuristic scanning, these can still be picked up.

E-mails pose the greatest virus threat of all and must be stopped at internet level

That said, it would be impractical to expect every organisation with an e-mail system to use a heuristic scanner on-site as these systems require a lot of maintenance and are hardly cost-effective. If you wanted to build a dam, you wouldn't build barriers at every single tributary - you'd go to the source of the river.

This is why it should be the responsibility of Internet Service Providers (ISPs) to offer this service. They have the power to trap infection at source, because they distribute the actual mail. If all ISPs were to offer virus scanning services, the threat from new and old viruses alike would be reduced to next to nothing.

Ultimately, there is no one technology which is better than another. The options available must be used together for optimum results. Anti-virus software at the desktop will always be essential to prevent viruses transmitted through removable media, such as CD-ROMs and floppy disks.

E-mails, though, pose the greatest virus threat of all, and must be stopped at internet level before they even hit a corporate network. Heuristic scanning is simply the best way of doing that.