Are viruses incurable?

Life online is getting more miserable by the day. Spam has got so bad that just about every country is introducing legislation to deal with it. Now it seems not a day goes by without another virus making everyone's lives - especially sysadmins' - that little bit harder.

But while spam is a nuisance, it doesn't cause the havoc and damage that a virus wreaks. And it seems that particular problem is getting worse. The Blaster worm was bad enough but that was swiftly joined by the latest and most vicious version of the SoBig virus yet.

But in real terms, have viruses become worse? Are they worse than ever, more plentiful, more damaging and easier to make and distribute? Should we already be drawing up new legislation and new techniques to stop viruses at their root - the virus writers - rather than deal defensively with them?

Surprisingly, Graham Cluley, a senior technical consultant at Sophos and a man who has worked at one time or another in just about every anti-virus company, reckons the problem is just the same as usual.

"Everyone feels there is an onslaught at the moment," he told us. "But in reality, there is the same number of viruses being produced - about 800 every month."

Graham says the problem was that the viruses/worms last month were so big. "We're kind of getting carpet bombed at the moment - but it's the same bomb." It is also possible that the SoBig.F writer decided to release his latest version just to add to the problems caused by the Blaster worm.

The argument is that this is just a blip on the chart and over the longer term, viruses are no better and no worse than before. Plus, there is another very important factor - human nature.

"So far this year, it has been relatively quiet after the Kournikova and LoveBug last year," Cluley explained. "And when viruses aren't making headlines, people become complacent."

For the next few months at least, people will be more alert so any new viruses will never achieve a decent momentum. But over time this will fade and soon people will be opening attachments from people they've never heard of all over again.

So what is the solution to the virus/worm problem? How do we work to stamp on a new one as soon as it appears? One answer is, of course, patches. The Blaster worm was so effective because it exploited a big hole in Microsoft's software. But that hole had been made public a month before and a patch was available for download. The problem was very few people and businesses had got around to installing it.

Graham Cluley is pleased with Win XP's automatic patching, especially since most home users will not patch up their systems even if they know they ought to. He would however like to see PC manufacturers take a bit more responsibility. He tells of a brand-new PC that his father recently bought. His father had no idea about patches, but when Graham told him to check his system and find out what he needed, it turned out to be an incredible 38MB of extra security. A large amount of damage could therefore be stopped at source if PC manufacturers released new computers with up-to-date security.

Are we as a whole getting better at dealing with viruses? Yes and no. Businesses, Graham said, are definitely more on the ball these days, especially since they realise the damage that having vital computer systems go down can do, although there is still a long way to go.

"I remain rather pessimistic about home users though. Some people will religiously update their AV files but lots of people don't care." And it is the sheer quantity of infected emails that defines a virus's impact. The more copies there are out there, stemming from infected home users, the bigger the problem becomes for everyone else.

There is another argument that the manufacturer of the software the virus breaks should be held responsible, in the hope that the financial punishment would ensure more careful bug-checking before it is released.

Cluley is not convinced by this argument, however. "Most viruses exploit a bug in people's brains. It is not normally Microsoft's fault. All the virus writers do is appeal to groin or greed." Besides, such an approach assumes the possibility of a hole-free operating system. "I don't believe it's possible to have a virus-proof OS. All a virus does is copy itself. Imagine an OS where you couldn't copy or email."

His preferred solution would be to educate people about viruses. He believes that if viruses were stopped dead in their tracks, it would remove a lot of the impetus people have to write them in the first place. And it could stop a lot of potential virus releasers from going ahead with it. "We have got to educate kids about their responsibility," Cluley explained. "They need to be made to realise that a virus isn't just attacking corporations or whatever, it could also wipe out someone's family pictures or stop an old woman from communicating with her family and friends. The effects of a virus need to be made clear."

And finally, of course there is legislation. But as has been made clear in the search for the SoBig.F writer, even the FBI with its expertise and huge resources can easily be made to hit a brick wall if a virus writer uses the Internet's structure to provide anonymity.

Would legislation actually restrict the problem? Possibly. But as with everything regarding the Internet and computers, it seems that ongoing ignorance among politicians and the authorities would just produce another set of poorly drafted laws that outlaw perfectly legitimate actions.

There is no easy solution to viruses and worms but one thing is certain - we need far greater discussion over what to do and how to do it rather than simply complain about the trouble they cause.

Stories by Kieren McCarthy