Anti-virus vendors in the firing line

And so another virulent worm is unleashed on the internet. And once again, anti-virus vendors stand accused of hyping the threat beyond reason.

When the news of Nimda broke last night, silicon.com received a press release from one well-known AV vendor that carried the headline: "Nimda worm causing internet mayhem."

Then we received another release this morning from net performance monitoring outfit Keynote. Its headline ran: "No effect so far on overall internet."

Since then, the worm has indeed been proven to have legs (if you'll pardon the pun), but the question remains: why the disparity in these two statements?

Well, obviously it's in the interests of the AV software sellers to sell more software. Exaggerating the impact of a virus is one way of doing just that.

But you've got to have some sympathy for these companies. If they didn't warn the online community about a threat then they'd be widely castigated.

If they'd issued a release saying "New worm pops up - but don't worry, it's not very dangerous," it's unlikely the US Attorney General would have raised the issue at his press briefing yesterday, an act which undoubtedly spread the word far and wide - and quickly.

The hype may well have helped companies take preventative measures and prevent too much damage being done.

To use the hackneyed phrase, they're damned if they do, damned if they don't.

On silicon.com this week, even before Nimda appeared, there has been much debate about the role of ISPs in blocking viruses and worms. Some say they could play a huge part in limiting the damage any virus causes. Indeed, some ISPs do block viruses on their users' behalf.

So why don't they all? Expense is one thing. The legal niceties of an ISP monitoring the contents of its customers' emails are another.

Tomorrow, you'll be able to see a video interview on silicon.com with the man who kicked this whole debate off - David Perry of Trend Micro. He thinks ISPs are indeed shirking their duties to protect the integrity of the internet and, of course, that of their customers' computing resources.

We'll return to the subject on this week's Behind the Headlines programme on Friday as well, where we'll hear from ISPs who don't think it's their job to take responsibility - and some individuals who agree with Perry.

It's one of those issues with more questions than answers, but as far as the anti-virus vendors go, the verdict must be one of 'not guilty'.

Even if they've gone a bit OTT this time, anything that raises awareness of the very real threat viruses and worms pose - and the action you should take to protect yourself - has to be a good thing.

But do watch out for those vested interests.

For related news, see
Virus guru slams 'hysterical' security firms
http://www.silicon.com/a47524
Virus warning: Code Red variant emerges
http://www.silicon.com/a47497
ISPs shun anti-virus responsibility
http://www.silicon.com/a47493
Code Blue strikes
http://www.silicon.com/a47350
'Code Red ate my bonus!'
http://www.silicon.com/a47050