In early March, employees at a handful of US corporations received an email with the subject line: ”FW: Naked Wife.” Workers gullible enough to open the email attachment quickly discovered that many of their .ini, .exe, and .com Windows files no longer existed. Without those files, Windows-based computers make swell paperweights.
Unfortunately, Naked Wife was just another in a long list of computer viruses to sneak past corporate firewalls. In fact, the recent rash of malicious code — from Chernobyl to Code Red to Sircam — has some observers wondering if current antivirus strategy makes sense. A few critics believe vendors should be designing applications that actually strike preemptively. Such software would eliminate new viruses that display pathologies similar to known viruses — in essence, mimicking the human immune system.
Science fiction? Maybe not. The latest iteration of Symantec’s popular Norton AntiVirus software (version 7.5, corporate edition) includes something called the Digital Immune System. Designed in partnership with IBM, the system is intended to snuff out a virus before it spreads.
It’s an intriguing concept. When the software detects suspicious code, the file is automatically sent from a corporate user to the closest ”immune system gateway” via the Internet. If a known virus is discovered, the gateway automatically transmits a cure back to the customer. If the analysis reveals a new virus, it triggers an immune response –a process that typically yields an antidote in less than an hour.
”Our technology can do within an hour what it used to take human developers many hours to do,” claims Steve White, senior manager at IBM’s antivirus research group. According to Symantec, the company’s Anti-Virus Research Center can issue fixes for 90 percent of all viruses within 24 hours.
Of course, the remaining 10 percent can cause serious damage. And Kurt Schlegel, a senior analyst with technology research company Meta Group, points out that even a 24-hour turnaround may be too slow: ”Certain auto-spam viruses spread incredibly fast.”
Still, any speedup in response time would seem to be an improvement. ”We can’t provide an antidote fast enough to keep every single virus from spreading,” White grants. “But having an antidote ready in a few hours sure beats waiting a few days.”