Financial Daily from THE HINDU group of publications
Monday, Jan 10, 2005


Keep 'em out

Raja Simhan T.E.

Here's anti-virus software based on the quarantine intervention used to contain SARS. This is how it works...

THE Severe Acute Respiratory Syndrome (SARS) epidemic between November 2002 and June 2003 infected more than 8,000 people in about 30 countries and claimed more than 750 lives. There is no cure, even today, for SARS. However, quarantining people infected with the virus restricts the spread of the deadly virus.

This real-life example has been emulated in the information technology (IT) world. Trend Micro, a Tokyo-based anti-virus vendor, has used the quarantine intervention concept to introduce Outbreak Prevention Services (OPS). OPS delivers outbreak prevention instructions to customers by providing an early virus warning, thus helping IT managers prevent or contain outbreaks before (virus) patches, pattern files or network signatures are deployed. And it has worked well for organisations, says Niraj Kaushik, Country Sales Manager, Trend Micro India.

For example, an IT organisation in India with about 10,000 personal computers (PCs) used OPS and was able to contain the virus spread to 40 PCs only. Outbreak prevention instructions can be deployed manually or automatically to block virus carriers and prevent viruses from propagating and jamming networks, says Kaushik.

How did the company come up with the concept? According to Kaushik, till 1999-2000, anti-virus vendors, including Trend Micro, were providing software that could be downloaded to a PC to remove viruses from that machine. Such conventional anti-virus software had to wait for a virus to enter through the front gate, say an e-mail or a floppy. However, things changed after powerful viruses like Melinda and Code Red struck. These powerful viruses entered through the back door, the network layer, and, using vulnerabilities in the operating system that controls all the tasks of a computer, spread like wildfire, he says.

Conventional, signature-based anti-virus software comes with a database of electronic signatures of various viruses. It scans the machine, identifies any virus matching such a signature and kills it. However, new viruses such as Melinda, Code Red and Sasser.A fooled anti-virus software, and even disabled such software. Sobig F, another powerful virus, could have damaged the entire Internet all over the world in a couple of days had it spread properly, he adds.

Trend Micro emulated the SARS quarantine method to devise a prevention service, which alerted customers to the virus and gave specific instructions (such as "Do not open an e-mail attachment with a particular subject tag") to be followed. This stopped the spread of the virus in organisations. The company would later come out with a cure for the virus. It took nearly two years for the company, which has its research labs in the Philippines, to introduce OPS.

Using OPS, IT managers need to download and deploy threat-specific instructions that help them deflect, isolate and stem outbreaks using attack management recommendations from TrendLabs, Kaushik says. "We tell customers that we cannot plug the disaster, but can only mitigate the disaster," he adds.

For instance, Worm_Sasser.A, a network virus, used network channels to spread and performed its infection routine automatically, doing away with the need for user intervention (such as opening an e-mail attachment or clicking on a malicious URL, or uniform resource locator). On April 13, 2004, the vulnerability that the worm exploits was discovered, and on May 1, 2004, Trend Micro declared a Yellow Alert. The company then sent out outbreak alerts to its customers within two hours, and a virus response was sent within five hours. This prevented the spread of the virus, says Kaushik.

raja@thehindu.co.in


Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line