United Kingdom (ZDNet UK) - It has come up with a way of stopping quick-spreading email viruses before they get out of control, which doesn't rely on traditional virus-detection methods.
The Defence Evaluation and Research Agency (Dera)--an MoD agency--on Tuesday unveiled software that detects when a virus is attempting to send emails to all the names in your address book--the way such bugs as ILOVEYOU and Kournikova caused such widespread havoc so quickly. The software requires you to authorise any such action, theoretically nipping global virus attacks in the bud.
The new software, ::Mail, is a response to growing concern about the vulnerability of corporate and government computer systems to viruses. Dera's Simon Wiseman, who led the Dera's software development team, said the group used MoD experience with preventing confidential information leaks to come up with the ::Mail concept.
The ILOVEYOU virus caused chaos around the world last May when it overloaded the computer systems of large companies such as the BBC and Microsoft, and caused an estimated £2bn of damage. In February an email purporting to carry pictures of tennis star Anna Kournikova spread twice as fast as ILOVEYOU.
Despite their scope, however, such viruses are relatively simple, and all operate on the same principles: they encourage a user to open the email and launch an attached Visual Basic Scripting (VBS) file (which may be disguised as an image file). On some PCs, the file may even be run automatically as soon as message is viewed.
The VBS file then causes the email application to automatically send copies of the infected message to all the names in the user's address book. The message seems all the more innocuous because it is usually being received from an acquaintance.
Despite the apparent simplicity of Dera's solution, experts note that the problem has never been a technically difficult one -- rather, it is a matter of encouraging users and companies to take the necessary steps. For example, if all Windows users turned off Visual Basic Scripting, viruses such as Kournikova would not be able to spread at all. Microsoft has been criticised for its failure to remove the Windows Scripting Host that allows VBS files to operate.
Ultimately the success of ::Mail will depend on whether users and organisations get around to using it. "It's not going to do anything at all unless people install it," said Jack Clark, European product manager with antivirus company Network Associates.