Have you experienced any of these symptoms lately? Display of an unusual message, missing files, a file whose size has increased significantly, a slower computer, a sudden lack of disk space, an inability to access your hard disk? If you answered ‘yes’ to any of these, chances are you’ve been infected with a computer virus. And you’ve got plenty of company.
According to a recent Ipsos-Reid study, The Canadian Inter@ctive Reid Report, 46 per cent of the country’s Internet users reported they have experienced a computer virus. Of those who have been infected, 39 per cent said they were forced to get their computer repaired as a result of damage.
Another study, Is IT Safe? Network Security In Canada, by IDC Canada noted that most respondents identified computer viruses as the greatest security threat.
Finally, according to ICSA Labs of TruSecure Corp. in Reston, Va., 51 per cent of companies surveyed had at least one outbreak in 2000. It also found that 70 per cent of companies using firewalls are still vulnerable to the primary threats those firewalls are designed to address.
These findings mean e-mail vulnerability is a growing concern.
E-mail comprises over half the correspondence taking place between external stakeholders in today’s business world. Only 10 to 15 per cent of the e-mail sent is guarded by encryption.
And the costs to repair the damage caused by these viruses have been steadily rising. For example, the cost in repairs and lost productivity from the ‘I Love You’ virus was reported to be in the neighborhood of $8 billion.
A virus is a program designed to replicate itself without permission.
There are two major types. Boot sector viruses affect the boot sector of any disks in the system and are run at start-up, ensuring they are always placed in memory before anything else on the system. These viruses may also prevent the system from loading. File-infecting viruses infect executable files and are triggered when the system files are run.
The infamous ‘Melissa’ macro virus awakened the masses to the effects of viruses. Released on March 26, 1999, it targeted MS Word 97 or 2000 users and rapidly spread through e-mail attachments. It propagated itself by attaching to the first 50 addresses in the victim’s address book, then subsequently attacked those addresses. Since the e-mail appeared to be from a trusted source, recipients opened it and were caught off guard.
The damage ‘Melissa’ caused was greater than that of any previous virus. Viruses have been in existence since 1980. In 1992 and 1993 the average number of new computer viruses per month was between 100 and 150. Most, however, were new strains of previous viruses. In January 1997, the average rose to 200 per month and in October 1999, anti-virus software developer Symantec Corp. reported 646 new viruses in just four days.
“We’re in a constant cat and mouse game,” says Robert Vibert, an Ottawa-based anti-virus consultant. “The situation is degrading — it’s getting worse and worse. Every month 300 to 500 viruses and worms arrive.
“Today, anti-virus software companies are distributing updates every two days. Question is: is everyone at the same level of protection at the same time? If not, their efforts can be futile.”
Although the cost of an attack is often difficult to tabulate, i.e. opportunity costs incurred, Vibert cites an example of a California division of a Canadian company that lost a $50 million contract because it sent virus-infected documents to its customer. The customer lost confidence in the company.
More revealing aggregate cost figures are provided by Bill Poulos, an EDS Fellow and director of strategic development for EDS Global Information Assurance Services, based in Herndon, Va., who was in Toronto recently as a guest of the Canadian Institute for Electronic Security & Privacy. (See sidebar.) In his presentation to security consultants and media, Poulos noted that 1999 virus damage was estimated to be $17 billion worldwide.
These costs seem staggering when one considers the consensus that the virus threat is very real and the abundance of anti-virus and firewall software with which to combat the problem.
One of the reasons for this, according to Rui Pereira, owner of Wavefront Consulting in Vancouver, is the way in which anti-virus solutions are installed. Pereira has found that while most businesses and organizations safeguard their individual nodes, many neglect to install anti-virus software on the network servers.
“Anti-virus software needs to run on servers not just workstations,” Pereira says.
Anti-virus software tends to slow the network, says Pereira, and companies are often unwilling to accept the trade-off.
“Most of the hacks allow you to write files to Web servers,” he says. “If you run real-time anti-virus software it dramatically slows down the server.”
Pereira doesn’t hold much hope for ever finding a way to ‘immunize’ computers, for several reasons: the ease with which viruses can be altered; the inherent vulnerability of widely used applications; and the fundamental weakness of the communications infrastructure.
“Functionality is the enemy of security. The gaps can never be filled,” he says. “Virus kits allow simple changes in the characteristics of the virus. And people are too trusting, so it’s also a training and attitude issue.
“Microsoft Outlook allows these viruses to be written. There is an option on NT that allows the file extension to be hidden. Certain extensions shouldn’t be allowed to be automatically executed. Outlook and active code scripting capabilities encourage virus sending,” Pereira says.
The answer, according to Pereira, is better infrastructure. “The Internet is based on technology that is 30 years old. Anybody is on the network. Software must take into consideration that all people aren’t angels.”
The ease with which viruses are transmitted could be partially due to not having the expertise needed to implement the required protective technology, says Gus Malezis, Canadian general manager and vice-president of sales for Network Associates in Markham, Ont.
“You need at least two layers of protection, one on the workstation and another on the server. And sometimes small to medium sized businesses do not have the in-house expertise to implement the solutions,” he says.
Malezis adds that in terms of performance, an anti-virus application will only slow a server by two to three per cent, which is within the range of other office applications.
“We’ve come a long way in terms of eliminating performance degradation issues,” Malezis says.