Mass-Mailing Viruses Could be a Thing of the Past

New research shows that reducing the 'window of vulnerability', or signature delay time, could make email virus outbreaks a rarity.





The window of vulnerability is the delay between the appearance of a new email-borne virus or worm, and the release of signatures by traditional anti-virus software vendors. Customers of managed email security vendors are not subject to signature delay times, owing to the use of predictive technology capable of detecting previously unseen viruses.

The research presented by Gabor Szappanos from Virus Buster shows that when a new mass-mailing virus emerges, it usually takes a few hours to gather enough momentum to result in an outbreak. If anti-virus vendors were able to reduce the window of vulnerability to three hours or less, mass-mailing viruses would have little if any impact. Findings from Andreas Marx at AV-test.org showed that the average signature delay time has only been reduced from 12 to 10 hours during the past year, demonstrating how wide the gulf is.

According to a report published by IDC in August 2004, proactive virus detection techniques are expected to be increasingly adopted by organizations to combat the more complex, fast-spreading threats of the future. The integration of proactive virus detection technologies with traditional signature-based anti-virus technologies will allow for a greater degree of accuracy in detecting known and unknown threats.

A survey of 125 European businesses published by MessageLabs in July 2004, indicated that 65% of businesses believe that the signature-based approach will either not be able to cope with the increasing volume and destructiveness of email viruses and worms in the future, or will be obsolete.

Alex Shipp, MessageLabs’ Senior Anti-Virus Technologist, commented: "While malicious code has developed at a rapid rate, traditional anti-virus software relies on the same model as it did 20 years ago. Virus writers have become adept at exploiting windows of vulnerability because they know that the delay around getting signature files out has a critical effect on the scale of an outbreak. Companies are realising that they cannot rely solely on the old methods and are looking for a more proactive approach, such as Internet-level managed services that can stop known and unknown virus threats immediately, before they reach an organisation’s network boundary."

See also:

• Bored Computer Virus Offers to Play a Musical Tune


• Kaspersky Anti-Virus Personal Pro 5.0 from Kaspersky Lab


• New Virus Poses as a Message from BitDefender

Permalink: Mass-Mailing Viruses Could be a Thing of the Past