Anti-Virus Software: Is It The World's Biggest Protection Racket?
Dec 1, 2002 12:00 PM, By JOS WHITE
Once upon a time, computer viruses only appeared on special occasions. They could be found in remote crevices, their favored habitat being the warm confines of a floppy disk. When they did rear their heads, it was likely your trusted anti-virus (AV) vendor would already have tackled the problem. Running a monthly anti-virus update kept you protected from top to bottom.
Such was the situation until the vehicle of virus transport upgraded from a floppy disk to that great leveller, the Internet. The advent of the World Wide Web meant that viruses would never be the same again — and yet, the method of detecting and stopping them was unchanged.
Spreading fast and furiously by the power of e-mail, viruses started finding their feet, piggybacking on files, hiding in screensavers and generally causing a lot of damage. In May 2000, the LoveBug virus gave e-mail users worldwide the first real taste of things to come. It spread faster than any virus before or since (MessageLabs detected 1 virus in every 28 e-mails), caused billions of dollars' worth of damage and shut down computer systems worldwide. And it wasn't just the victims who were taken by surprise; anti-virus vendors were caught equally unaware.
So how was LoveBug allowed to spread as it did when companies thought they had the latest signatures in place? Essentially, the goalposts had shifted. Anti-virus vendors were chasing last week's virus that spawned from an infected floppy — they weren't chasing today's virus that can multiply exponentially in minutes and infect companies across the globe within hours.
Suddenly, a software-based approach seemed less than ideal. More than that, it seemed obsolete, back-to-front, redundant. Good people found themselves paying for a solution that didn't do what it said on the box. And it still doesn't.
So let's backtrack for a minute. How exactly does anti-virus software work? What is behind those companies that tell us to update our anti-virus software or else?
Essentially, a virus writer eager for a bit of action releases one of his or her creations into the “wild.” Assuming that the virus has any guts, it will spread slowly at first before gaining momentum. And no, the users who are getting infected at this early stage aren't just the “fly-by-the-seat-of-your-pants” types with no anti-virus protection — these are loyal, conscientious firms that have invested time and money into protecting their networks with what they thought was the latest anti-virus software. Vendors are sublimely unaware of any of this until they are contacted by a disgruntled customer who has fallen foul of this latest e-mail pest. This customer is the nominated sacrificial lamb, the accepted loss. He or she is obliged to actually send the offending virus to the anti-virus vendor for analysis and development of a signature to benefit more fortunate customers. It is then up to diligent IT staff to download the signature and update their software to stave off the latest threat to their technical assets.
So one customer's IT network lies in tatters for the greater good of the customer base. Inevitably, there is a period of time between the release of a virus and the issuing of a signature during which IT managers can do nothing but cross their fingers and hope for the best. This is the way it works: reactive methods that are an outmoded response to the modern problem.
But the injustice doesn't end there. Regardless of how much money companies might spend on the latest software, they are the ones that will take the flak in the event of an infection. Anti-virus vendors conveniently wash their hands of any responsibility when a customer gets infected. And for many anti-virus vendors, letting viruses through to their customers is an accepted occupational hazard. If a customer neglects to update their software regularly and is foolish enough to open an attachment from an unknown source, then it has nothing to do with the vendor. Of course, if a downloaded signature saves the day, the story is somewhat different.
So should you be grateful for a service like this? And should you happily part with your money knowing that there is a fair chance that you will be infected? On both counts I say no. These companies can no longer do the job they were set up to perform and they're hoping that no one will notice. To switch tactics, to tackle e-mail viruses at their source — the Internet — instead of waiting until they have already penetrated the network boundary, would be to trash their raison d'être and undermine the ethics (or should I say urban myths) that they have worked so hard to maintain.
ABOUT THE AUTHOR
Jos White is founder of MessageLabs, a managed services provider (MSP) specializing in Internet-level managed e-mail security services. For information, go to www.messagelabs.com.
© 2012 Penton Media Inc.





