Businesses 'don't trust traditional antivirus protection'

Firms are increasingly fearful about the potential of damage by virus attacks - and they don't have faith in antivirus products keeping them safe

The majority of European businesses are bracing themselves for a barrage of computer viruses which they fear are going to increase in frequency and destructive potential over the next decade. And few believe they have the protection in place to weather the storm.

Three-quarters of businesses surveyed said they believe viruses will become more dangerous, while two-thirds believe the frequency of attacks will increase, according to research conducted by MessageLabs.

Given the massive increase in virus activity over the past couple of years, Natasha Staley, information security analyst at MessageLabs, says it's very likely this alarming growth in malware will continue.

But of greatest concern to the antivirus industry, however, will be the fact that many businesses believe time is running out for companies whose protection from malware now lags worryingly behind the advances being made by virus writers.

According to separate research from the FBI, 99 percent of enterprises have antivirus protection and yet during 2003 82 percent were attacked by a virus, resulting in over $200bn in losses.

Therefore it is perhaps unsurprising that only 35 percent of respondents to the MessageLabs survey expressed confidence in traditional antivirus software while 43 percent said they are no longer confident about the protection it affords. Almost a quarter of respondents (22 percent) said the changing face of virus threats means traditional antivirus products will be obsolete within the decade.

MessageLabs' Staley said much of the problem is because of the inherent "sacrificial lamb" approach to signature-based antivirus -- the chance that somebody may 'need' to get infected with a virus in order for others to be protected.

"This research shows that customers are starting to lose faith in traditional antivirus solutions," said Staley. "It can be very frustrating for companies who are still be getting caught out despite doing everything they can to protect themselves."

Much of the problem is with the rapid propagation of worms and the fact traditional antivirus protection is inherently reactive. The phenomenon of the 'Warhol worm' which spreads rapidly - and enjoys '15 minutes of fame' - has often done its damage long before patches have been put in place or a signature-based antivirus solution database has updated.

Often that process of updating signature files and putting a fix in place can take anywhere between six or seven hours and an entire day.

Security software firm Finjan, which claims to proactively stop viruses by scanning and monitoring all active content on a network, such as executables and other potentially malicious code, refers to this as a 'window of vulnerability'. In essence this window exists from the point a vulnerability is known until the point when it is fixed. Any exploit released into the wild during that time can cause serious harm to a business.

Nick Sears, vice president EMEA at Finjan Software, said: "Many of the current AV solutions are excellent at recognising and blocking viruses that currently exist, but cannot cope with new Internet attacks."

The very nature of signature-based antivirus, at its most rudimentary, means there is always a danger some customers will be hit, in order for others to be protected.

Finjan's Sears added: "As a result, it is purely a question of luck as to whether you or your competitor is hit in this interim period."