Virus protect blurb attacks AV community - but no help for mobile users

by Nick Scales | posted on 23 August 2003

Current anti-virus products are obsolete, says this opinion piece - by the seller of a rival technology. We have reprinted it, because it makes a good point - but what about the mobile user? And more importantly, where will it end?

Anti virus technology used to work, when viruses were carried on floppy disks and later CDs and their propagation was limited and more often than not accidental.

The problem is that technology and use of computers have changed, viruses have changed, virus writers have changed, but the anti virus technology has only evolved slowly and it is now in the wrong place and out of date.

The concept of having protection on your computer to announce you are being or have been infected was OK when there were few viruses and they arrived on a floppy disk. It was even acceptable when it spread by local email servers: the impact was very local and the virus had little chance to spread.

The Internet has made things hugely worse and the Anti Virus vendors just cannot deal with it. Now you have 600 million computers to protect, all of which can infect each other.

The whole internet can be infected in hours. SQL Slammer infected 90% of vulnerable hosts in 16 minutes. Mimail and Sobig have infected millions of computers, even though the anti virus products have been around for years and claim to be effective.

Dr Alan Solomon - the grandfather of the current anti virus products - is saying the same: that AV is out of date and there must be a new way.

Anti virus vendors blame Microsoft, they even blame the poor end user, saying that they do not keep their software updated. They blame everyone but themselves - who are charging you for security products - and then state that there is no other way.

Traditional AV does not address the incubator community - those people who have no AV, or those users who cannot or do not understand the need to update hourly. This is not their fault. They are being rational. How can you tell a home user they need to update their virus signatures hourly?

This is one of the fundamental flaws of current anti virus. It protects the computer and is reactive to new threats. It cannot protect totally against new viruses.

Traditional AV cannot and never will protect the Internet and stop propagation. The incubator community would not be a problem if anti virus could protect The Internet itself.

The world needs an anti virus technology that really works, an anti virus solution that is not reactive but just stops all known and new viruses. A technology that provides immediate protection without updates. A technology that does not rely on the user actively doing something and that can be embedded into the Internet to provide true protection.

Avecho GlassWall is this technology, it works, it is available now, and the anti virus vendors just want to keep it hidden from you.

Nick Scales is CEO of UK company avecho - (but web site is not friendly to non-Microsoft browsers).

Guy Kewney writes: This isn't the first piece I've read suggesting that anti-virus companies have a stake in the status quo. I've even heard quite sensible people who think that some AV protection vendors actually pay virus writers to produce new products.

But conspiracy theories apart, it is clear that Internet "detachment" from the content is at an end. My own ISP, Merula, hasn't let a single copy of Sobig-E through its email server. Every other mail provider has stood back, and forwarded the infection; MSN, Hotmail, Yahoo, and so on.

And when you hit the road, who you gonna call?

A mobile user working through mobile phone GPRS or over a WiFi hotspot would rely on the hotspot provider installing something like GlassWall, or on seeing the phone network provider install it.

Something like that would work. Whether it's Avecho that gets installed or something comparable from a more established AV company, is impossible to say. One has to be sceptical about the chances of a small startup overtaking the big guys - especially when that small startup can't even put together a web site which works with Mozilla, or even with Internet Explorer on a Macintosh! - but it's clear that the war has moved into a new phase.

In the past, ISPs would take the view that they simply couldn't afford to install extra hardware to scan every item of data going through their wires for malicious code.

Today, it's starting to look as if they will not be able to afford not to. The sheer volume of malicious code transmitted by their clients has reached the point where it is swamping their networks.

What's not clear is this: where will we expect them to stop?

If we require our ISPs to protect us from dangerous code, where do we draw the line? Executables, yes? What about an executable which unpacks an indecent image as a screen saver? What about a political message from a terrorist group? What about a political message from the Government?

As soon as the Internet infrastructure starts interfering in the free transmission of transparent data, it is creating a stick with which it can be beaten by politicians. "No offshore tax havens are allowed to send data into our country," for example.

Most anti-virus experts have predicted that this worm isn't a one-off; that there will be more and more like this. "Something must be done!" is what people will say. The growth of mobile computing makes it clear that it has to be done inside the network.

And then, what?
