Wednesday, January 28, 2009

Bring in the troops

In recent weeks, the Conficker virus has been causing a lot of havoc everywhere – account lockouts, network congestion and a lot of headaches. People running Symantec anti-virus software know the same virus as “Downadup”, and that’s not the first time a virus has been labeled differently by different companies. After all, there’s no single authority that investigates viruses, but that got me thinking – maybe it’s time we had one.

With things as they are now, it takes the anti-virus market some time to react to new viruses. Each AV vendor gets samples from its customers, analyzes them and issues signature updates to its product. Each vendor uses its own methodology to assign a priority, and as a result, some vendors take longer to react. In the Conficker case, for example, Symantec’s product is still unable to remove the infection today, almost 3 months since the virus’s first appearance. Even when an update is issued, it’s usually available only to customers of AV vendors, while users without AV software are stranded (we’ll discuss the stupidity of not having AV software on your computer another time).

When a new type of virus or disease appears in the real world, no one waits for Pfizer or Bayer to classify it and inform the public. In the USA, we have the Department of Health and Human Services and the CDC (Center for Disease Control), as well as other federal agencies like FEMA to help manage outbreaks. Since computer worms and viruses do have an economic impact, which could easily reach disastrous proportions (like in the case of worms such as MS Blaster, Code-Red and Sasser), I feel that this sort of thing should definitely be at least shared by the governments of the world. A Federal Malware Research Center could bring some order to this wild field, and have the necessary resources to inform the public of new threats and how to manage them.

And another thing, while we're at it... we should stop giving worms "cool" and distinctive names. Maybe if the latest virus was called "The Dumbass 1", virus writers would be a little less proud of themselves. Now seriously, a malware's name is not a big deal, but it's sad to say that the press today is still glorifying viruses, thereby encouraging low-self-esteemed jerks to write them. Writing a virus is stupid and detestable, and this message should be delivered clearly whenever the issue is discussed in the media - no discounts or exceptions.
