Financial Daily from THE HINDU group of publications
Wednesday, Jan 14, 2004
Watch out for those monsters...

D. Murali
BEFORE the advent of widespread computing, the only worms we knew were mostly in vegetables and intestines, and viruses were something that kept doctors busy. In the hi-tech, networked life we live, there is ample space for all these in the disks and cables, and there are enough to share with all the millions who have their fingers in the cyber-pie.

At the end of 2003, we sit and take stock of the big hits we took from wormy villains and virus werewolves, only to find that during the year, three large-scale Internet worms, viz. the W32/Blaster worm, the MS/SQL worm, and the Sobig (Welchia) worm, made the lives of many a company miserable. "For some, the impacts of these worms were non-events," chronicles Aberdeen Research in one of its recent papers. "For other organisations, the result was noxious, ranging from a day or two of downtime to a week or more before business operations could be resumed."

Unfortunately, the antivirus software that was in place did not prevent business disruption. The logical question, "Is Antivirus Software Becoming Irrelevant?" is, therefore, the title of the research paper. We need a solution, so it is more important to find out "what can be employed to prevent lost business, impaired customer service, high recovery costs, and worse from being experienced again into 2004 and beyond?"

It is well known that the very strengths of the Net - such as common network channels and system flexibility - become the vulnerabilities exploited by worms "to deposit executable payloads on unprotected PCs and PC servers." Thereafter, these menaces would gain access to the local corporate network's resources and go on to taint other PCs and PC servers in the same network. "None of these worms were initially stopped with antivirus software. Does this mean that antivirus software has lost its potency to inoculate the enterprise from the new form of business disruption?" asks Aberdeen.

An antivirus product has to inoculate against fresh attacks and also help recover from viral payloads. "In-flight and on-disk data patterns are matched to a known `software viral signature.' The key for this system to work is that a loss event must be known to the underwriters (antivirus software suppliers)." If, despite antivirus, an outbreak happens, the manufacturer develops an antidote factoring in the new virus signature and delivers the patch - a process that can "take anywhere from a few days to a week or more during which period, business operations that depend on the use of IT systems are exposed."

What are the costs of protection? The paper pegs the average annual cost of antivirus software at $25 per user - "$15 for software and $10 for labour to maintain the inoculation patterns" - something that "far outweighs the alternative of replacing the system and data." It should be remembered that, just as there are no free lunches, there are no guarantees in the networked world - that evil forces would not prey on useful data, or that business would not come to grief because of computers grinding to a halt because of malicious intruders. So, the wise thing to do would be to have some form of `self-insurance', which is what antivirus software is.

In contrast, a typical PC firewall screens input for viruses hitchhiking on inbound payloads. It also blocks unauthorised outbound communications to unknown locations. Wrigglers going out "largely undetected, throughout the bowels of the corporate network" act as "reverse worms, use hijacked network services at co-location service providers, Internet service providers, and other Internet communications services providers."

How do they track these "new beasts"? Network packet sniffers offer one solution, and they act true to their name, eavesdropping on the network traffic, and acting like a telephone wiretap that allows law enforcers to listen in on other people's conversations. Alternatively, you may configure your server firewalls to integrate `application-level controls'; these would "stop the new exploits from establishing inbound beachheads in the first place".

As important as prevention is cure, so "adding the protective features of the PC firewall to the recovery-focused capabilities of antivirus software only makes sense." In 2004, there is potential for "a combo package that will deliver antivirus, PC firewall, and antispyware," anticipates Aberdeen.

The study reported in the paper indicates that firms using PC firewalls were much less harmed by the major software worms of 2003 than those firms that depended on antivirus alone. "In fact, several of the latter firms replaced their antivirus software with PC firewalls." The advice, therefore, is for firms not currently using PC firewalls to start the `brickwork' in 2004.

A corollary finding is that the user base of antivirus software is bound to shrink as long as such products don't incorporate "application-to-network behaviour detection and blocking capabilities that are found in PC firewalls." The new infection that is attacking antivirus products could therefore be: Irrelevance.
Copyright © 2004, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line