Virus alerts run amok
- 19 March, 2002 11:17
Considering the rate at which virus attacks are increasing and the speed with which they can wreak havoc throughout an organization, causing billions of dollars in damage, it's surprising (and distressing) to consider that there's no standardized alert system. Stranger still is that it's taken until now for someone to speak up about it.
Listen to a partial roll call of offending code: Melissa, Loveletter, Anna Kournikova, Nimda, SirCam, Magistr, Myparty, Code Red and the devastating Love Bug.
Review the damage: replicated files, frozen PCs, crashed e-mail and routers, defaced sites, gigabytes of corrupted or modified data, and lost productivity and opportunities.
Any of this sending a chill down your spine?
You undoubtedly run your desktops and most servers on Windows, a favored entry point for even mildly ambitious hackers. Your users are probably still opening unsolicited attachments or, worse, sending such attachments along to others. And the growing popularity of instant messaging systems is attracting the next generation of viruses and worms, like Coolnow, which targets users of MSN Messenger. By the time you figure out what's going on, it's often too late. The damage is done.
On an annual basis, the bill is pretty steep. Research firm Computer Economics Inc. estimates the worldwide economic impact at US$12.1 billion in 1999, $17.1 billion in 2000 and $13.2 billion in 2001. A big chunk of the jump in 2000 was from the Love Bug, which alone caused $8.75 billion in damages.
Even with the best of intentions, and armed to the teeth with firewalls, antivirus software and attachment segregation policies, it's difficult to stay current. McAfee.com claims to detect more than 53,000 viruses and other types of malignant and parasitic software. Competitor Sophos claims to have discovered 739 viruses last month; its product can now detect some 72,569 viruses.
The latest virus to incite panic was the Klez.E worm, which turned out to be a dud. Had it been a bona fide threat, users would have been hard pressed to find much direction and aid from the competing plethora of warnings and alerts issued last week from an equally dizzying array of vendors.
Klez.E worm was the last straw for a lot of people, users, analysts and even some vendors. They're fed up with the hype and conflicting warnings. They ought to be.
So three cheers for Kenneth Bechtel, an antivirus specialist at Tyco Electronics/AMP Inc. who did more than grit his teeth. He sent an open letter to the AntiVirus Information Exchange Network, urging its members to agree on a more accurate description of their alert levels. Some consistency would be nice, too.
The six major antivirus vendors, which issued six different threat levels for Klez.E, agree that there should be a standardized warning system. What we need now is for someone to grab the ball and run with it. The vendors have to look past their particular niche strengths to find the commonality in these attacks and build a warning system around that. Users need all the help they can get figuring out which pieces of malevolent software are worth worrying about.
If the Bush administration can reduce assessments of terrorist threats to five colors, each indicating a specific level of risk, the antivirus community can surely manage something similar sometime soon. Patricia Keefe is editorial director at US Computerworld.