Fear of viruses and poor AV protection growing

The majority of European businesses are bracing themselves for a barrage of computer viruses which they fear are going to increase in frequency and destructive potential over the next decade. And few believe they have the protection in place to weather the storm.

Three-quarters of businesses surveyed said they believe viruses will become more dangerous, while two-thirds believe the frequency of attacks will increase, according to research conducted by MessageLabs.

Given the massive increase in virus activity over the past couple of years Natasha Staley, information security analyst at MessageLabs, says it's very likely this alarming growth in malware will continue.

But of greatest concern to the antivirus industry however will be the fact that many businesses believe time is running out for companies whose protection from malware now lags worryingly behind the advances being made by virus writers.

According to separate research from the FBI, 99 per cent of enterprises have antivirus protection and yet during 2003 82 per cent were attacked by a virus, resulting in over $200bn in losses.

Therefore it is perhaps unsurprising that only 35 per cent of respondents to the MessageLabs survey expressed confidence in traditional antivirus software while 43 per cent said they are no longer confident about the protection it affords. Almost a quarter of respondents (22 per cent) said the changing face of virus threats means traditional antivirus products will be obsolete within the decade.

MessageLabs' Staley said much of the problem is because of the inherent "sacrificial lamb" approach to signature-based antivirus - the chance that somebody may 'need' to get infected with a virus in order for others to be protected.

"This research shows that customers are starting to lose faith in traditional antivirus solutions," said Staley. "It can be very frustrating for companies who are still be getting caught out despite doing everything they can to protect themselves."

Much of the problem is with the rapid propagation of worms and the fact traditional antivirus is inherently reactive. The phenomenon of the 'Warhol worm' which spreads rapidly - and enjoys '15 minutes of fame' - has often done its damage long before patches have been put in place or a signature-based antivirus solution database has updated.

Often that process of updating signature files and putting a fix in place can take anywhere between six or seven hours and a whole day.

Security software firm Finjan, which claims to proactively stop viruses by scanning and monitoring all active content on a network, such as executables and other potentially malicious code, refers to this as a 'window of vulnerability'. In essence this window exists from the point a vulnerability is known until the point when it is fixed. Any exploit released into the wild during that time can cause serious harm to a business.

Nick Sears, vice president EMEA at Finjan Software, said: "Many of the current AV solutions are excellent at recognising and blocking viruses that currently exist, but cannot cope with new internet attacks."

The very nature of signature-based antivirus, at its most rudimentary, means there is always a danger some customers will be hit, in order for others to be protected.

Finjan's Sears added: "As a result, it is purely a question of luck as to whether you or your competitor is hit in this interim period."