Jump to content

Holes found in PC virus defences


Recommended Posts


People using Windows computers were unprotected against new viruses for 56 days this year, research shows.

Security firm Ironport counted how long it took anti-virus firms to produce an antidote following the first appearance of a malicious program.

It found that, on average, anti-virus firms took 17 hours to respond to new threats.

Some viruses took far longer to tackle and in one case specific defences took more than three weeks to appear.

Data delay

Ironport gathered its statistics from its monitoring system that looks at incoming and outgoing e-mail traffic for more than 100,000 organisations.

Matt Peachey, Ironport's Northern Europe regional director, said that watching this flow of traffic helps it spot outbreaks as they start because all the messages carrying a virus tend to be of a similar size.

For instance, he said, a sudden influx of messages bearing zip file attachments 60-100 kilobytes in size could signify that a novel virus is starting to spread.

"Something like that really stands out from normal internet traffic," said Mr Peachey.

Sometimes updates to anti-virus programs for new viruses appear quickly, he said, but in many cases users are left vulnerable for many hours.

For instance, said Mr Peachey, the first antidotes for the Sober virus appeared, on average, 16 hours and 14 minutes after a new variant was first seen online.


By contrast the Bagle and Mytob variants took far longer to tackle. In total, users went unprotected against Bagle variants for 79 hours and 25 minutes.

Mytob took far longer - 496 hours and 16 minutes for protection against all variants to appear.

The 56-day total emerges when all the time taken by anti-virus firms to produce specific defences for viruses is added together.

One factor in the data is the sheer number of variants in some virus families. Many virus-writing groups attempt to overwhelm anti-virus defences by pumping out versions that differ only slightly from each other.

The more variants in a virus family, the longer total time it will take firms to react. At last count there were more than 100 variants of the Mytob virus.

Graham Clulely, senior technology consultant at security firm Sophos, said anti-virus companies did not solely rely on specific signatures to combat virus threats.

Many anti-virus scanners use heuristics and fingerprinting type techniques that can identify malicious programs before they are well-known and named.

"These know a piece of code is from the same family," he said. "We can see the relationship even though it has not been seen before."

"They are so similar to existing variations that we are going to block it," he said.


Link to comment
Share on other sites

  • Replies 0
  • Views 2k
  • Created
  • Last Reply


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...