BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: Sci/Tech
Front Page 
World 
UK 
UK Politics 
Business 
Sci/Tech 
Health 
Education 
Entertainment 
Talking Point 
In Depth 
AudioVideo 
Wednesday, 31 May, 2000, 12:55 GMT 13:55 UK
Beating big bad bugs
lots of bugs
More bugs than ever are being found in software
By BBC News Online internet reporter Mark Ward

Computer security companies are developing novel ways to spot viruses and malicious hacking before serious damage is done.

Under development are populations of smart software programs that can spot suspicious behaviour or programs that might be viruses.

But improving the security of computers connected to the internet has a long way to go as a survey of security vulnerabilities has found that loopholes are turning up in ever increasing numbers.



Viruses spread so fast you have to be able to detect them quickly

Alex Shipp, MessageLabs

The survey revealed that about 60 new vulnerabilities are being found in software every month.

The figures are based on an analysis of the archives of Bugtraq, an internet-based group that collects and circulates information about security
loopholes in software.

The vulnerabilities range from backdoors in software to the poor programming that viruses exploit.

Microsoft's NT operating systems tops the table of programs with the greatest number of vulnerabilities. The total number of bugs in all versions of Linux puts it second.

Predicting problems

Bugtraq warned against reading too much into the analysis and said it would leave the interpretation of the results to individuals.

"Viruses now spread so fast you have to be able to detect them quickly," said Alex Shipp, anti-virus technologist at MessageLabs.

Instead of waiting for viruses to cause damage many anti-virus companies are turning to detection programs that can spot and quarantine potentially problematic programs before they strike.

This smart software knows everything about existing viruses and examines mail attachments and programs to see if they have anything in common with what it knows.

Top spotter

Mr Shipp said the smart programs managed to catch thousands of copies of the Love Bug before many security firms even knew it was a virus.

Even though fixes for the Love Bug were available only hours after it struck the virus still did a lot of damage.

These programs were becoming more important because virus writers are constantly trying to outwit the security companies.

Some viruses exploit obscure instructions for running video clips only recently added to Pentium chips.


Love Bug live
The Love Bug needed only two hours to cause havoc
"They are using all the weird and wonderful add-ons so they can hide their virus from the detectors," he said.

Anti-virus company Symantec has developed a system that automatically catches viruses, sends them for analysis and then sends out a cure to those infected just like the human immune system.

Active agents

Researchers at the Sandia National Laboratory in the US are developing populations of software programs called agents that patrol networks looking for trouble.

The patrolling agents share information about what is happening on the network and use this to work out if hacking attacks are in progress.

In March the software agents were deployed on a test network which was then subjected to two days of attack by an expert hacker group from Sandia.

The agents successfully fought off every attack.

Granville Moore, a principal consultant at Network Associates, said the Sandia work was extending the methods security companies already use.

He said Network Associates' different security programs contained problems by telling each other if they had detected a security breach or virus outbreak.

Search BBC News Online

Advanced search options
Launch console
BBC RADIO NEWS
BBC ONE TV NEWS
WORLD NEWS SUMMARY
PROGRAMMES GUIDE
See also:

30 Mar 99 | Sci/Tech
Melissa virus goes global
09 May 00 | Sci/Tech
Police hunt Love Bug gang
04 May 00 | Sci/Tech
'Love' virus chaos spreads
08 Apr 00 | Americas
US struggles with cyber-crime
Internet links:


The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.


E-mail this story to a friend

Links to more Sci/Tech stories