Common ground: uniting against the virus threat

In the last few weeks, the mainstream media has been full of reports of virus threats, each predicting doom and gloom with cataclysmic effects on business.

But outbreaks - with a few exceptions - have left most companies unaffected. The main sufferers have often been the security experts - they greeted the recent 'Resume - Janet Simmons' virus threat with tired sighs, but were confronted by IT directors clamouring for stout defence as soon as the news hit the headlines.

In the aftermath, suffering from battle fatigue, the vendors seem unanimous about the need to prevent widespread panic and hype by establishing an independent benchmark for grading viruses. But how realistic is the idea?

Mikko Hypponen, research manager at Finnish security company F-Secure, agrees with the general principle of a filter body outside the media for governing virus alerts, but reckons the idea is virtually untenable.

He said: "Technical managers at anti-virus firms are eager to share malware [virus, worm and Trojan] codes and fixes but the sales and marketing departments at these companies often want to prevent it as anyone with a fix to the problem will receive much of the desired publicity."

Security experts claim the Love Bug worm garnered more media attention worldwide than any computer virus to date, and according to Graham Cluley, senior consultant at security firm Sophos, the media's eagerness to report any sniff of a new virus is fuelled by the "computer virus equals top news" syndrome.

"Computer viruses are no longer the privilege of geeks," Cluley said. "The need to understand basic technological concepts is growing and companies aspire to create awareness across all levels. When the threat is as global as the Love Bug, anything remotely similar makes interesting enough headlines."

But in the midst of all this short-lived hysteria, it's often easy to forget the plight of those who fight at the frontline - the network administrators and managers. After all, blame often ends up squarely at their feet when systems crash.

It's the IT managers and their colleagues on the helpdesks who are swamped with thousands of phone calls from angry users - no one remembers the software vendor or the reporter.

Bill Moore, systems engineer at Danfoss Flowmetering, highlighted the need for a down-to-earth approach and said that exaggerating threats wouldn't be an issue if software was more secure. "The Love Bug penetrated well-maintained security systems because of the function in the software - the automatic execution of JavaScript in Outlook," he said.

Moore added: "To grade viruses may well be useful but it obscures the issue. The media should be addressing the flaws in the software rather than seeking out the next big sensation."

Beyond the politics and headlines, F-Secure's Hypponen said he'd like to see a unified effort to catch the virus writers. "We're all here for the same reason - to ensure our systems function seamlessly. If we are going to spend time fighting over grading, the real issue becomes blurred. Crooks still remain at large."

The strategic weapon in a war against viruses remains vigilance. All parties involved in tracking viruses - software vendors, users and the media - have a responsibility to work together to cut the hype and address the real issues.