Thursday, May 06, 2004
Sassy viruses doesn't up the ante
Sasser, the new blaster but not as tough apparently, seems to me to be causing pain. When you hear that the coastguard went back to pencil and paper, that banks in taiwan shutdown and the post office in germany shut for the day (and it wasn't a weekend), you have to wonder. Simon Moores ended up on the wrong end of it too, without even getting infected by it - simply because he needed to talk to people who were whilst he was moving house. Pricing the economic impact of that is pretty tough. In this post, which is also in Computer Weekly, he asks whether it's time Microsoft added anti-virus into the operating system. The easy answer to that is yes - but only if it's really anti-virus. That is, it's not a signature based engine but something that is *really* anti-virus, something that stops all known and unknown germs in their tracks. After all, Domestos doesn't have to be told which germs to kill when you pour it in the toilet bowl. It just gets on with it. I think a local solution is doomed. The folks at Microsoft let the world know about this flaw 2 weeks ago, 150 million people downloaded a fix, perhaps another 100 million or more had a firewall, another few million haven't switched on yet and the rest? Well, they probably got infected. So even if there was anti-virus software in Windows, who's to say that people would update it? I have friends who, when I visit their place, I see that little update icon in the bottom right of their system tray, winking away at them and they never seem to download and install the necessary updates. They certainly don't visit Windows update to see if there's anything else that they should install. Nope, the answer is not virus software of the traditional type in Windows. The answer is virus checking, both inbound and outbound, in every ISP. ISPs can move quickly to update their rules - they can even use multi-level detection, like Messagelabs does, to make sure that unknown viruses are checked. As far as I know, since we enabled Messagelabs on all inbound mail on the government networks, we have not seen one single virus - and that was done in response to Melissa (1999?) shutting down some departments for several days. ISPs are the ones that let you download viruses onto your PCs and so it's logical that they should stop it right there in their systems. Likewise, if you try and send some out, they should stop that - and prevent you from accessing their network until you have sorted your system out. That way, peer to peer message traffic will fall away and the 'net can get back on with its life. Of course, virus checkers such as those won't stop a Sasser - that's about firewalls, even the simple one that comes with Windows XP, or Zonealarm (which can be downloaded free - it's the one I use). Connecting to a network without a firewall (read this as having sex with someone in country X without a condom) increases the odds dramatically of you getting infected. If you were in country X and the lady was smart, she'd say no. Likewise, if you're smart, you'd say no. Surely it's the same for ISPs? Or for Windows - it pops up with enough messages about whether you really want to do something (like, do you really, really want to delete this email?). So how about "do you really, really, want to connect to the Internet with your firewall switched off? Click Yes to have Microsoft disclaim all liability for the health of your PC and leave you to be infected by a gazillion viruses that are circulated through the 'net right at this nanosecond". Would you say no?
Posted by Alan at Thursday, May 06, 2004