Why we still can't stop viruses

By Robert Vamosi
26 August 2002 03:00 PM
Tags: code red, sircam, virus attacks, robert vamosi, klez, antiviru, well
This time last year, Code Red had infected our servers, and SirCam had infiltrated our desktops, while Nimda was waiting in the wings for its entrance. In contrast, so far this summer there have been no major virus outbreaks; the last one was April's pesky Klez.H worm.

But don't pop open the champagne bottles just yet. Although we may be better protected today than we were last year, we're still vulnerable to future threats. Even if every computer user in the world had some form of antivirus protection installed on his or her machine, viruses would continue to proliferate, says leading antivirus researcher Joe Wells.

Here's why: Most antivirus products are signature-based, meaning the vendor has to supply your antivirus software with a unique byte pattern (a signature) that identifies each virus. Although many programs automatically update their signature files, there's a delay of several hours between the time a new virus hits the Net and when the update for it gets to your antivirus software.

And while most products can infer that certain new code may be malicious, these so-called heuristic rules are based on the known behavior of old malicious code, so they catch only what resembles what has already been seen.
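The two limitations just described, the signature gap and heuristics that only recognise old behaviour, are easy to see in a toy scanner. The following Python is an added illustration written for this page, not code from the article, from Wells, or from any antivirus vendor; the signature names, byte patterns and "samples" are all constructed, inert strings that stand in for real vendor signatures and real files.

```python
"""Toy signature-based scanner that shows the detection gap the column describes."""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed signatures: placeholder byte patterns standing in for the
# vendor-supplied ones (hypothetical names, not real malware families).
SIGNATURES: dict[str, bytes] = {
    "Demo.Sample.A": b"DEMO-SAMPLE-A-MARKER",
}

# Constructed heuristic rules: each is a behaviour marker learned from an
# old sample, which is exactly why they only catch what resembles old code.
HEURISTIC_RULES: tuple[tuple[str, bytes], ...] = (
    ("mass-mailer-style string", b"SEND-TO-ADDRESS-BOOK"),
    ("self-copy marker", b"COPY-SELF-TO-STARTUP"),
)


@dataclass
class Verdict:
    """Result of scanning one object."""
    name: str
    signature_hits: list[str] = field(default_factory=list)
    heuristic_hits: list[str] = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return bool(self.signature_hits or self.heuristic_hits)


def scan_bytes(name: str, data: bytes,
               signatures: dict[str, bytes] = SIGNATURES,
               rules: tuple[tuple[str, bytes], ...] = HEURISTIC_RULES) -> Verdict:
    """Signature pass first (exact pattern match), then heuristic pass."""
    verdict = Verdict(name)
    for sig_name, pattern in signatures.items():
        if pattern in data:
            verdict.signature_hits.append(sig_name)
    for rule_name, pattern in rules:
        if pattern in data:
            verdict.heuristic_hits.append(rule_name)
    return verdict


def signature_gap_demo() -> dict[str, dict[str, bool]]:
    """Scan three constructed samples before and after a signature update.

    Returns {sample: {"before": flagged?, "after": flagged?}} so the
    detection gap is visible as data rather than only as printed text.
    """
    # Constructed inputs: inert byte strings, not executable code.
    samples = {
        # Already in the signature file: caught by the signature pass.
        "known": b"header DEMO-SAMPLE-A-MARKER SEND-TO-ADDRESS-BOOK",
        # Re-packaged variant: marker changed, old behaviour string kept,
        # so only the heuristic rule (behaviour of old code) catches it.
        "variant": b"header DEMO-SAMPLE-B-MARKER SEND-TO-ADDRESS-BOOK",
        # Genuinely new: neither a known marker nor old behaviour, so it
        # is missed until the vendor ships a signature for it.
        "novel": b"header DEMO-SAMPLE-C-MARKER NEW-BEHAVIOUR-NOBODY-HAS-SEEN",
    }

    before = {n: scan_bytes(n, d).flagged for n, d in samples.items()}

    # The "several hours later" signature update: the vendor has analysed
    # the novel sample and pushes a pattern for it (constructed name).
    updated = dict(SIGNATURES)
    updated["Demo.Sample.C"] = b"DEMO-SAMPLE-C-MARKER"
    after = {n: scan_bytes(n, d, signatures=updated).flagged
             for n, d in samples.items()}

    return {n: {"before": before[n], "after": after[n]} for n in samples}


if __name__ == "__main__":
    for sample, result in signature_gap_demo().items():
        print(f"{sample:8s} before update: {result['before']!s:5s} "
              f"after update: {result['after']}")
```

Running the demo shows the "known" sample caught by its signature, the "variant" caught only because it still carries an old behaviour marker, and the "novel" sample missed entirely until the signature update lands; that window between first sighting and update is the exposure the column is talking about.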

Wells is co-founder of WildList Organisation International, which publishes a monthly list detailing the type, number, and frequency of viruses circulating in the world. Antivirus researchers and vendors alike use WildList-collected viruses when evaluating antivirus products against real-world scenarios. As of Monday, Wells also assumed the title of chief antivirus architect at security company Fortinet.

I asked Wells about the lack of major viruses this summer. He says it could be due to a seasonal slowdown, which he's seen before during his six years at WildList. "There are seasons to the typical virus cycle," he explained. Often, virus outbreaks coincide with academic schedules, meaning they slow in the summer and pick up again in the fall, winter, and spring.

Over the years, Wells has also noticed that new types of viruses evolve in lockstep with Microsoft's advances. For example, DOS viruses died with the introduction of Windows, boot-sector viruses died with Windows 95, and macro viruses began to die out after Office 97. When asked if virus writers might be taking the summer off to learn XP and .Net, he declined to speculate.

Another reason we're at risk of contracting and spreading viruses, even if we use antivirus software, has to do with the way companies protect themselves, according to Wells. Most businesses use Internet gateway protection systems that block viruses on the mail server port. That only works until some employee logs onto his free Web email account from within the corporate firewall and, because he's bypassed the corporate mail server protection, downloads a virus.

While the virus won't spread outside the company (the company mail server's antivirus protection will stop that), it could still infect other employees. If enough people open the infected message, they could overwhelm or even shut down the mail server.

In addition to protecting their gateway, some corporations also install antivirus applications on each employee's system. But this isn't very effective. IT departments have trouble finding the time to regularly update everyone's antivirus signatures. And, because antivirus scanning eats up a lot of system resources, many employees simply turn the apps off.

That's why Wells is touting hardware antivirus solutions at the gateway. They offer speed and security without compromising desktop performance.

Hardware protection is a key part of the solution offered by Fortinet, one of several companies that have developed antivirus network protection systems for Internet gateways. Fortinet's solution is faster than software-based antivirus protection, yet it still relies mostly on old-style pattern-matching techniques. When I asked Wells what he thought about innovative, non-signature-based antivirus technologies such as Okena StormWatch, he defended pattern-matching technology as the most reliable method to date for stopping viruses.

Wells doesn't believe his work at Fortinet will conflict with his participation in WildList. Throughout the organisation's history, he and other board members have worked for competing antivirus vendors. He encourages industry cooperation at WildList and has a similar commitment from his new employer.

In the end, Wells thinks we'll continue to see a similar number of viruses each year. But with better antivirus products, he predicts we won't see as many large-scale disasters, such as Melissa and ILOVEYOU.

I hope he's right.

How does your organisation plan to defend against the next major virus outbreak? Tell us through Talk Back!
