Melissa will go down in history as the virus that changed the way we look at e-mail. No longer do we trustingly double click on attachments looking for a bit of a laugh; no longer do we allow months to pass before seeking an update for our anti-virus software.
Goner, the most recent mass mailer outbreak was proof of this.
-Goner had the potential to be as big as Melissa," said Sophos' Paul Duckman. -But it looks like all that education is finally paying off. I guess it means we have won one battle, but we certainly haven't won the war."
Interestingly, Goner will also prove to be a test of legal responses to virus writers, with four young Israelis confessing to their role in the creation of and unleashing of the virus in early December. While the four high school students aged 15 and 16 will probably escape a harsh sentence, given their age, the case will nonetheless provide an interesting test bed for courts all over the world.
Globetrotting evangelist for beefed up responses to Internet security, Cyberguard's Henry, believes there are still too many countries without proper legal responses to virus writing.
-There have been significant improvements in terms of laws governing the creation and spread of such viruses," Henry said. -However, we also need to lessen the impact of these things."
Henry also pulls no punches when it comes to assigning blame for viral outbreaks, saying that there is no excuse for an organisation to allow itself to be impacted by virus outbreaks, or hack attacks.
-Eventually we will have the power to track these people down and shut them right out of the Internet. I don't care if you represent an orphanage," Henry says. -If you are spreading viruses by not properly protecting your IT infrastructure you are to blame, and eventually you will be subject to litigation and legal proceedings."
If Henry's predictions prove to be true, companies and organisation found not to have properly protected their IT infrastructure, will in the short term be subject to litigation on behalf of the companies affected by the viruses.
However, in the longer term he believes harsh penalties for providing insufficient security will effectively force companies to protect themselves.
This may have repercussions in the anti-virus software industry, as Henry also predicts a weakening of the licence agreements that protect the vendors from litigation if a product fails to perform.
-We are currently facing a situation where most firewalls provide inadequate protection, yet the vendors are in no way accountable for security breaches resulting from such inadequacies," Henry said.
It's sad that people focus their efforts on producing code that damages rather than actually putting their skill to work in a constructive manner. Does writing a virus that destroys a strangers work or crashes an IRC server really prove talent, ability or maturity.... or is it the technological equivalent of scrawling your name on the side of a train.
It's putting the onus on to users to spend time and money on antivirus tools, and rely on the antivirus vendors to keep one step ahead (one of the better products at that from www.nod32.com.au) and implement firewalls (such as from www.tinysoftware.com) and other security / anti-intrusion mechanisms.
Outlook and IIS often have the finger pointed at them as exasperating the problems, but Linux servers are just as vulnerable. The press 'slamming' of MS is often seen as legitimising the anti-social activities targeting the Win32 platforms.
The problem is, as the counter-measures get better the virus code will have to become more efficient, effective and stealthy... and to get the attention the juvenile writers desire the results of a successful infection will have to be 'bigger and better'
The worst may well be yet to come, but there's a lot of things that responsible sysadmins, ISPs, AntiVirus vendors, and the press can do to reduce the hysteria spinning, ego-pandering attention that is generated with each new virus