Unfortunately, a lot of smart people write those viruses, and they continue to hold the high ground because conventional antivirus scanners detect a virus only after it has released its disruptive payload. And the bizarre game of leapfrog begins anew.
To end the cycle, forward-looking antivirus vendors are experimenting with heuristics, a proactive technology that seeks to identify patterns and prevent viruses from gaining a foothold in your system.
For example, with mass-mailer viruses such as the I Love You debacle, heuristics could notify a reader that an application is trying to access his Outlook address book or request confirmation when more than, say, ten emails are queued for sending.
"We know the characteristics of the common types of viruses, we have their fingerprints," says Vincent Weafer, director of Symantec's antivirus research center. "Based on that, we can predict how new viruses will work and design countermeasures."
Complementary research underway at Symantec, McAfee, Computer Associates, IBM, Trend Micro, and other antivirus vendors also seeks to understand what's in the mind of virus writers.
The researchers then try to use that knowledge to fortify against an attack on popular targeted systems, typically Win32 OS, Microsoft Word, Outlook, and wireless devices such as PDAs or WAP-enabled mobile phones.
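The mass-mailer heuristic described above can be sketched as a small behavioural monitor. This is an added example, not code from any vendor named in the article; the event format, the process names, and the trusted-client list are assumptions made for illustration, and the threshold is the article's "say, ten emails".

```python
from collections import defaultdict

QUEUE_LIMIT = 10            # the article's "say, ten emails" threshold
TRUSTED = {"outlook.exe"}   # assumption: the mail client may read its own address book

# Constructed sample events (process, action, detail); not real telemetry.
EVENTS = (
    [
        ("outlook.exe", "read_address_book", ""),
        ("outlook.exe", "queue_mail", "bob@example.com"),
        ("outlook.exe", "queue_mail", "carol@example.com"),
        ("attachment_script", "read_address_book", ""),  # hypothetical process name
    ]
    + [("attachment_script", "queue_mail", "user%d@example.com" % i) for i in range(12)]
)


def evaluate(events, queue_limit=QUEUE_LIMIT, trusted=TRUSTED):
    """Return (process, decision) pairs in the order the heuristics fire.

    Decisions:
      notify_address_book - an untrusted process read the address book
      confirm_send        - a process queued more than queue_limit mails,
                            so sending should wait for user confirmation
    Each decision fires at most once per process.
    """
    queued = defaultdict(int)   # mails queued so far, per process
    notified = set()            # processes already reported for address book access
    held = set()                # processes whose outgoing mail is awaiting confirmation
    decisions = []

    for proc, action, _detail in events:
        if action == "read_address_book":
            if proc not in trusted and proc not in notified:
                notified.add(proc)
                decisions.append((proc, "notify_address_book"))
        elif action == "queue_mail":
            queued[proc] += 1
            if queued[proc] > queue_limit and proc not in held:
                held.add(proc)
                decisions.append((proc, "confirm_send"))
    return decisions


if __name__ == "__main__":
    for proc, decision in evaluate(EVENTS):
        print(proc, decision)
```

Because the rule keys on behaviour rather than on a known signature, it fires for a program the scanner has never seen, which is the proactive property the article attributes to heuristics.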











