To err is human. To spread the error across the Internet ... leave that up to new automated update systems. So say critics of two plans by antivirus vendors to automatically deliver updates to desktop PCs.
The systems for delivering antivirus updates are IBM's Digital Immune System, to be deployed by Symantec, and Network Associates' Rumor. They will respond to virus attacks by pumping the latest digital cures down to hundreds of thousands of PCs. In a few years, that number could be in the millions.
But are these automated antivirus offerings a panacea or the makings of a disaster?
"If they did everything perfectly, there wouldn't be a problem," said Fred Cohen, a security consultant, researcher, and author of the first paper on computer viruses in 1984. A single error, however, could transform the system from helpful to harmful, he said. "If the update gets corrupted, you are essentially sending
That's not so unlikely as it sounds. On Wednesday, an Oklahoma coal and natural resource venture reported that an update from McAfee.com had disabled 250 of the firm's machines for most of the day. In early October, updated definitions for Symantec's Norton Anti-Virus conflicted with Network ICE Corp.'s BlackICE firewall, shutting it down and leaving affected systems open to exploit.
McAfee and Symantec are not alone. Almost every antivirus maker has erred with its updates in the past. One reportedly missed detecting the QAZ Trojan in early October. Another dropped several old definitions from its lists, resulting in viruses thought to be a decade dead popping back up on computers worldwide.
With the new technologies, isolated incidents could become worldwide problems.
Today, program and virus-definition updates are posted to servers on the Internet, and wait there until clients download the data. In some cases, the process is automated, but good system administrators will test the updates, said Rob Rosenberger, antivirus industry watcher and editor of Virus Myths.
"In a large organisation, you need to know that the updates work with the software that's on the PCs," he said. "If you automatically update your executables, it may one day break your system."
Yet companies are the ones clamouring for a solution that delivers fixes as fast as possible. "In their mind, faster is better," said Rosenberger.
That's understandable. During the Melissa outbreak, antivirus software makers responded in many cases within 12 hours to the new macro virus.
For panicked customers, however, that wasn't fast enough. The number of unique visitors on McAfee's Web site spiked from an average of 350,000 a day to more than eight million, said Victor Kouznetsov, vice president of engineering and chief technology officer for Network Associates' MyCIO.com business unit. "Virus writers are always one step ahead," he said. "We need a system to help... them."
Well, fast is here. The Digital Immune System and Rumor are the antivirus industry's answer to outbreaks of digital diseases such as Melissa and LoveLetter. The Digital Immune System -- based loosely on an analogy of the body's reaction to disease -- pushes solutions down to individual customers as they become available.
Rumor, the technology announced last week by MyCIO.com, uses a more sociological analogy -- the passing of a juicy rumour between friends -- to deliver definitions by the currently vogue method of peer-to-peer networking.
Both systems will result in the latest definitions being distributed quickly to customers. That means less time for PCs to be vulnerable.
Yet, if an error creeps into either the definitions or update code -- or if the software conflicts with other applications -- it also means less time for companies and antivirus firms to react to the mistake.
Take me to Pt II/ Errors not unheard of
Take me to ZDNet Enterprise
To have your say online click on the TalkBack button and go to the ZDNet News forum.