BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific
BBCi NEWS   SPORT   WEATHER   WORLD SERVICE   A-Z INDEX     

BBC News World Edition
 You are in: Science/Nature  
News Front Page
Africa
Americas
Asia-Pacific
Europe
Middle East
South Asia
UK
Business
Entertainment
Science/Nature
Technology
Health
-------------
Talking Point
-------------
Country Profiles
In Depth
-------------
Programmes
-------------
BBC Sport
BBC Weather
SERVICES
-------------
EDITIONS
Wednesday, 22 May, 2002, 10:37 GMT 11:37 UK
Waging war on computer viruses
David Smith, AP
David L Smith: Creator of the Melissa virus

New net technologies present opportunities for more than just entrepreneurs and venture capitalists. Virus writers like them, too.

Almost every novel internet technology, from e-mail to peer-to-peer networks, has been exploited by virus writers and vandals keen to cause havoc.

Virus writers are locked in an endless struggle with anti-virus and security companies who are trying to guess which advance will be taken advantage of next.

Many anti-virus companies are adapting their tactics to protect customers and catch new viruses before they do too much damage.

Copycat killer

Whenever novel viruses appear, anti-virus companies work to produce a "pattern" file that tells their software how to spot and stop the malicious program.

12 months of virus interceptions
May 2002 - 560784
Apr 2002 - 469467
Mar 2002 - 169104
Feb 2002 - 135523
Jan 2002 - 241609
Dec 2001 - 479703
Nov 2001 - 268740
Oct 2001 - 164690
Sep 2001 - 204650
Aug 2001 - 229069
Jul 2001 - 144225
Jun 2001 - 60497
Figures from MessageLabs
One successful virus usually leads lots of other people to produce copycat programs that differ only slightly from the original.

Many anti-virus programs use rule-based techniques, called heuristics, to spot these variants.

Natasha Staley, a consultant at anti-virus firm Sophos, said these techniques helped limit the spread of the "H" version of the Klez e-mail worm.

This rule-based approach has also proved useful in combating the many e-mail viruses created after the Melissa outbreak in 1999.

"Melissa was one of the defining moments of virus writing," said Ms Staley.

Current figures show that 90% of all viruses in the wild are e-mail viruses that spread by using weaknesses in Microsoft mail programs.

But, said Ms Staley, if the rules used by anti-virus programs got too broad they would cause too many false alarms.

"There are an endless number of combinations available to virus writers," she said, "which is one of the reasons that heuristics are so difficult to do well."

Handy help

Andrew Armstrong, UK managing director of Trend Micro, said anti-virus companies were trying to break out of the infection-reaction cycle and help consumers and companies prevent virus infections spreading.

"The speed with which viruses are going around the world on the internet means that having a fix two hours later is a help, but it's too long," he said.

Floppy disk, Eyewire
Even old viruses that travel by disk never truly die
According to figures from the Cooperative Association for Internet Data Analysis, the Code Red worm was infecting more than 2,000 new computers per minute at its peak.

Companies like Trend Micro now tell companies how to avoid infection before the patch for anti-virus software is finished.

Mr Armstrong said this advice usually took minutes to draw up and distribute. He likened the difference between giving advice and producing a patch to that between using a mosquito net and producing a cure for malaria.

Trend Micro is also producing tools for customers that help them work out the extent of a virus outbreak and clean up all the machines that have been infected.

Unfortunately, one of the main allies that virus writers have in their bid to spread the malicious programs are computer users themselves.

Exposed again

Ms Staley from Sophos said viruses that were years old regularly re-appeared because users did not do enough to protect themselves.

Even boot sector viruses that travel by floppy disk still occasionally break out.

"The Kak worm appeared in 1999 but is still infecting people," she said. "That's pretty incredible because every anti-virus program detects it."

Although many companies were putting anti-virus programs on e-mail gateways, web servers and desktop machines, said Ms Staley, the malicious programs still occasionally slipped through.

She urged people to regard with suspicion e-mail messages from strangers bearing attachments or with odd subject lines.

See also:

04 May 00 | UK
02 May 02 | Americas
30 Mar 99 | Science/Nature
05 Dec 01 | Science/Nature
30 May 01 | Science/Nature
19 Apr 02 | Science/Nature
Internet links:


The BBC is not responsible for the content of external internet sites

Links to more Science/Nature stories are at the foot of the page.


E-mail this story to a friend

Links to more Science/Nature stories

© BBC ^^ Back to top

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East |
South Asia | UK | Business | Entertainment | Science/Nature |
Technology | Health | Talking Point | Country Profiles | In Depth |
Programmes