Last Updated: Monday, 19 December 2005, 08:58 GMT
Holes found in PC virus defences
[Image: Internet cafe in Italy. Caption: Computer security firms are in a cat and mouse game with virus writers]
People using Windows computers were unprotected against new viruses for 56 days this year, research shows.

Security firm Ironport counted how long it took anti-virus firms to produce an antidote following the first appearance of a malicious program.

It found that, on average, anti-virus firms took 17 hours to respond to new threats.

Some viruses took far longer to tackle and in one case specific defences took more than three weeks to appear.

Data delay

Ironport gathered its statistics from its monitoring system that looks at incoming and outgoing e-mail traffic for more than 100,000 organisations.

Matt Peachey, Ironport's Northern Europe regional director, said that watching this flow of traffic helps it spot outbreaks as they start because all the messages carrying a virus tend to be of a similar size.

For instance, he said, a sudden influx of messages bearing zip file attachments 60-100 kilobytes in size could signify that a novel virus is starting to spread.

"Something like that really stands out from normal internet traffic," said Mr Peachey.
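The size-based outbreak signal described above can be sketched as a per-hour count of attachments grouped by type and size band, compared against each group's own history. This is an added example, not Ironport's code; the band width, window length, thresholds and the sample traffic are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

# All thresholds below are assumed values for illustration.
BAND_KB = 20        # width of one attachment-size band
WINDOW_S = 3600     # traffic is counted per one-hour window
MIN_COUNT = 20      # ignore buckets too small to be an outbreak
SPIKE_RATIO = 5.0   # count must exceed baseline by this factor

def bucket(ext, size_bytes):
    """Map an attachment to (extension, band start KB, band end KB)."""
    low = (size_bytes // 1024) // BAND_KB * BAND_KB
    return (ext.lower(), low, low + BAND_KB)

def detect_spikes(records):
    """records: iterable of (epoch_seconds, extension, size_bytes).
    Returns (window, bucket, count, baseline) for each window in which a
    bucket far exceeds the median of its own counts in earlier windows."""
    per_window = defaultdict(Counter)
    for ts, ext, size in records:
        per_window[ts // WINDOW_S][bucket(ext, size)] += 1
    if not per_window:
        return []
    first, last = min(per_window), max(per_window)
    alerts = []
    for w in range(first, last + 1):
        for b, n in sorted(per_window[w].items()):
            past = [per_window[p][b] for p in range(first, w)]
            if not past:            # first window: no baseline to compare with
                continue
            base = median(past)
            if n >= MIN_COUNT and n > SPIKE_RATIO * max(base, 1):
                alerts.append((w - first, b, n, base))
    return alerts

def sample_records():
    """Constructed traffic: five hours of varied mail, plus a burst in hour 4."""
    recs = []
    for hour in range(5):
        for i in range(30):         # background: mixed types, 15 KB to ~1 MB
            ext = ("pdf", "doc", "jpg", "zip")[i % 4]
            recs.append((hour * WINDOW_S + i * 60, ext, (15 + 37 * i) * 1024))
    for i in range(60):             # burst: zip attachments of 62-96 KB
        recs.append((4 * WINDOW_S + i * 30, "zip", (62 + i % 35) * 1024))
    return recs

if __name__ == "__main__":
    for alert in detect_spikes(sample_records()):
        print(alert)
```

On the constructed traffic the burst shows up as two adjacent zip size bands in the fifth hour, while the background zip attachments, which vary widely in size, never accumulate in any one band.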

Sometimes updates to anti-virus programs for new viruses appear quickly, he said, but in many cases users are left vulnerable for many hours.

For instance, said Mr Peachey, the first antidotes for the Sober virus appeared, on average, 16 hours and 14 minutes after a new variant was first seen online.

[Image: Palyh virus in e-mail inbox, BBC. Caption: Many viruses are spammed out to potential victims]

By contrast the Bagle and Mytob variants took far longer to tackle. In total, users went unprotected against Bagle variants for 79 hours and 25 minutes.

Mytob took far longer - 496 hours and 16 minutes for protection against all variants to appear.

The 56-day total emerges when all the time taken by anti-virus firms to produce specific defences for viruses is added together.

One factor in the data is the sheer number of variants in some virus families. Many virus-writing groups attempt to overwhelm anti-virus defences by pumping out versions that differ only slightly from each other.

The more variants in a virus family, the longer the total time it will take firms to react. At last count there were more than 100 variants of the Mytob virus.

Graham Cluley, senior technology consultant at security firm Sophos, said anti-virus companies did not solely rely on specific signatures to combat virus threats.

Many anti-virus scanners use heuristics and fingerprinting-type techniques that can identify malicious programs before they are well known and named.

"These know a piece of code is from the same family," he said. "We can see the relationship even though it has not been seen before."

"They are so similar to existing variations that we are going to block it," he said.
