[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 5 May, 2004, 11:26 GMT 12:26 UK
Defences tested by virus attacks
Stopwatch, Eyewire
The time to react is shrinking
The reaction times of companies are being tested by the accelerating rate that new viruses, worms and other forms of malicious code are appearing.

Research by security firm Qualys shows that code to exploit 80% of vulnerabilities appears within 60 days of the announcement about that weakness being made.

Often though firms do not even have that amount of time to react.

For instance, it took virus writers only 32 days to produce the Blaster Windows worm after a patch was announced for it.

The Sasser Windows worm, which hit computers this week, was put together only a couple of weeks after the announcement of a patch for the loophole was put online by Microsoft.

Worst was the Witty worm, that targeted ISS software, which appeared only two days after a patch announcement.

Open Windows

"This whole area of vulnerabilities and protecting large corporate organisations from exploits and vulnerabilities is the closest the security world gets to a horror story," said John Meakin, group head of information security at Standard Chartered Bank speaking at the recent Info Security trade show.

BA planes at Heathrow, PA
BA planes were grounded by Sasser
The time it takes firms to react to security problems can make them worse, said Gerhard Eschelbeck from Qualys who runs the vulnerability research program.

Statistics gathered by Mr Eschelbeck found that it takes about 30 days to fix 50% of the systems vulnerable to a particular worm or attack.

"This window of exposure is way too big," he said.

The delay in applying patches usually comes about because firms need to check that an update to close a loophole does not break some other program key to keeping a company running.

Mr Eschelbeck's research found that some viruses and exploits that have been fixed are now starting to return.

The Slammer and Code Red viruses were starting to turn up again, he said, because many firms putting new servers online use a standard set-up that does not close known loopholes.

Attack pattern

Many network security bosses fear the day of a so-called zero day attack that uses a vulnerability no-one has spotted and for which there is no patch.

Increasingly firms are assuming that, at some point, they will be caught out and are preparing for what to do in such an event.

"If you accept that you are going to be hit you must have some reaction force or insurance to reduce the impact of the hit," said Paul Stimpson, global head of technology risk management at ABN Amro.

Key to an effective reaction, said Mr Stimpson, was knowing much more about the networks a company is running, what machines are being connected to them and how important each system is to the whole corporation.

Latop computer, BBC
Remote and home workers pose new security problems
Paul Simmons, global information security director at ICI, agreed. He said: "The first problem is understanding what you have connected to your network."

Mr Simmons said his technology infrastructure encompassed 330 sites in 55 nations and up to 55,000 devices on the networks that link everything together.

Many firms use monitoring systems that get to know normal network use and then flag up any sudden surges that might be the result of a virus outbreak or hack attack.

Contingency plans for an outbreak often now involved firms ranking their different networks by importance and focusing on the most critical ones if they are hit by an attack or large virus outbreak.

As a result less important networks and departments may be left to suffer during outbreaks.

Many of the largest corporate users of technology are coming together into groups such as the Jericho Forum in which they share information and ways to deal with security breaches.

David Lacey, director of security and risk management at the Royal Mail, said co-operation was growing out of a realisation that good security must take into account trading partners do too.

"It's no good just having your own backyard sorted," he said.


SEE ALSO:
Spammers and virus writers unite
30 Apr 03  |  Technology
Viruses thwart security measures
02 Mar 04  |  Technology
Hackers exploit Windows patches
26 Feb 04  |  Technology
'Protect PCs' Microsoft users told
11 Feb 04  |  Technology
Hacker hit parade goes live
05 Aug 03  |  Technology
Pickpockets turn to technology
17 Nov 03  |  Technology


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific