In Depth

Antivirus: Great Business, Lost Cause

Signature-based scanning software ultimately can't keep up with the high-speed proliferation of viruses and worms

By Simson Garfinkel

November 08, 2002

CSO — Here's a paradox: The business of antivirus software has never been better. And yet the long-term prognosis in the antivirus battle has never been more bleak.

This fall, the "National Strategy to Secure Cyberspace" stated that all home and business users need to install antivirus software on their computers and update their systems on a regular basis. Most CSOs and CIOs (dare we say all of them?) by now realize that it is irresponsible to deploy computers without antivirus protection. Nevertheless, the war against computer viruses and their authors is stumbling.

Tens of thousands of computer viruses are in circulation. Symantec's Security Response website reported 81 viruses discovered during a 30-day period this fall. Academics who follow viruses say that that figure understates the threat. "Currently we are seeing new computer viruses and worms, targeted at [Microsoft Windows], reported approximately once every 75 to 90 minutes, on average," wrote Gene Spafford, computer science professor and director of Purdue University's Education and Research in Information Assurance and Security, in the 2003 AAAS Science and Technology Yearbook.

There's a key bit of information in Spafford's line: the bit about Windows. Now this is not an anti-Microsoft rant; all operating systems have displayed vulnerabilities over the years. But the reliance throughout corporate America on a single OS means all of our eggs are in one basket. There's a solid argument to make that in the long run, all the antivirus add-ons in the world won't stem the tide of viruses and worms. Diversity is going to be a necessary element of successful antivirus defense.

So Far, So Lucky

In the United States, the worms that have been the most successful at propagating have inflicted comparatively little damage on their infected hosts. The Melissa, I Love You, Nimda and Code Red worms infected tens of millions of machines in a day and cost corporate America more than a billion dollars in "lost productivity" (although it's unproven that being without your e-mail for a day really constitutes lost productivity). Aside from sending out a lot of e-mail and clogging servers, though, those worms didn't fundamentally damage the computers that were infected.

Compare that with what happened to Korea on April 26, 1999, when more than 1 million computers had their hard drives wiped and their system BIOS erased by the CIH/Chernobyl virus. In many cases, damaged systems required new BIOS chips or motherboards. Total losses were pegged at $250 million in hard dollars.
