Viruses exploit complacency

Although current antivirus technology seems to be keeping up with the latest mass-mailing viruses, companies need to anticipate new types of attack and make plans accordingly, according to security experts at the recent Virus Bulletin 2002 event in New Orleans.

David Perry, global director of education at antivirus firm Trend Micro, said new problems will appear that will be significantly different to the viruses seen today. Perry predicted that new threats will probably come from areas where firms were least vigilant. "If the new threat came from PDAs, we'd be ready," he said. "But it's new applications, not the transport, that's important."

John Alexander, who is responsible for antivirus measures at finance firm Wells Fargo, said a proactive approach can reduce the potential for virus infections. His organisation produces and analyses centralised virus detection reports, and seeks out those users who suffer from the most viruses.

When Wells Fargo analysed the virus activity and automated reports for internal systems for the year to April 2002, it found that about one in every 50 employees had encountered some form of virus activity. However, most viruses affected only a small group of staff.

Wells Fargo's antivirus team contacted these users and gave them training on how to avoid and stop viruses. The team has also stopped sending out virus alerts to all users, and instead targets those individuals most at risk. It also posts warnings on its internal Web site, Alexander said.

The firm also encourages users to contact the helpdesk about any suspected virus activity, and has extended its antivirus education and training programmes.

But even though the number of badly affected users has been kept low, it is still necessary to use desktop antivirus software, warned Alexander. "There have been one or two business cases where people say 'We are managing a LAN. We do not need antivirus software.' But it is in our policy that all desktops need it," he said.

But Trend Micro's Perry said that methods of providing desktop antivirus software need to change, to protect firms and users against new threats.

He argued that users working from home are often responsible for spreading viruses, so methods of updating antivirus technology should be adapted accordingly. "Users are only about half aware that they need to update," said Perry. "Selling boxes of antivirus software off the shelf is the wrong model."

Perry argued that the best solution for companies is for antivirus technology to be provided through Internet service providers, on a subscription model.

Have your say: contact IT Week