Antivirus firms develop peer-to-peer protection

McAfee is just one company working on technologies to combat viruses such as the recently released Gnutella worm

Antivirus vendor McAfee is working on techniques designed to combat viruses engineered to spread through peer-to-peer applications such as the popular MP3 file sharing tools Napster and Gnutella.

Peer-to-peer file sharing gives individual PCs direct access to other computer systems on the same network. In the case of Napster, this makes it possible for music files to be shared with considerable ease, although antivirus experts believe that it could also enable other, more malicious files to spread with epidemic speed.

McAfee is investigating the risk. "The McAfee ASAP group already has code developed for peer-to-peer technology," said Vincent Gullotto, senior director of research at Network Associates. "We're looking into it because we have to."

It is clear that virus writers have not ignored the potential of peer-to-peer applications, either. Just weeks ago a proof-of-concept computer worm was released for the Napster clone Gnutella. Masquerading as whatever MP3 file a user requests, the worm relies on users in order to spread, but nevertheless demonstrated that not just MP3s can proliferate with peer-to-peer technology.

According to Gullotto, antivirus functionality would most likely be adapted from existing antivirus products and could be incorporated into peer-to-peer products themselves. He said existing virus signature checking engines could easily be adapted for such applications.

Gullotto also said that peer-to-peer applications need to have greater functionality in order to pose a more significant virus threat. He suggests that they need to cooperate with an operating system in a similar way to email applications such as Microsoft Outlook in order to allow viruses to spread quickly. Outlook gives scripts access to such features as its address book as well as the wider operating system, which allows viruses to spread more efficiently.

"It's not clear how they are moving forward with the technology," said Gullotto. "If things move in a more automated fashion, security will need to be built in."

Graham Cluley, chief technologist with UK antivirus firm Sophos, suggests that existing antivirus software, which detects viruses however they reach a computer system, may be sufficient. "I don't think there is a need for a peer-to-peer antivirus product," he said. "Although there may be an advantage for network providers to have antivirus software in the future."

Paul Myers, chief executive of UK-based file sharing company Wippit, said antivirus functionality is something his company is considering. "It's a good idea that was suggested to us a while ago," he said.

Filtering out potentially malicious files may not prove so easy, however. Napster is currently working to create software that will prevent files that have not been granted copyright freedom being traded between clients. The company concedes that identifying files by name does not always stop copyrighted material from slipping through the net.
