SECURITY - Under attack

Devastating viruses with deceptively demure names are the latest threat to our hard drives. The industry needs a fresh weapon in the anti-virus battle.

There can be little doubt that the Easter outbreak of the Melissa virus, which ran rampant around the world over the long weekend, proved that, even in this day and age of anti-virus software, there cannot be too much security.

That said, traditional virus systems are not as widespread in UK corporates as anti-virus software vendors would have you believe. In addition, the internet has become a devastating vehicle for email-disguised viruses.

The rise in use of Net-based methods of attack has led to the creation of Web-based systems that fly in the face of traditional ones. Far from shrink-wrapped, these systems could provide another way to sell security to a tough audience.

First, a look at the effects of recent viruses and current attitudes.

At the Infosec '99 show at London's Olympia late last month, several vendors compared anecdotal evidence of virus outbreaks. OnTrack, for example, reported that support calls to its data loss helpline had rocketed by 1,000 per cent in the wake of the infamous CIH (Chernobyl) virus attack.

The CIH virus is notable because it has been infecting PCs on the 26th day of each month since last summer, but arrived in its most dangerous form on 26 April. As a result, OnTrack says, within 24 hours of that date, hundreds of calls had come into its service centre from users in need of a data recovery package. This figure, the firm claims, is still rising.

Despite the surge of calls for its service, Ben Allen, general manager of OnTrack, says it has been able to recover 100 per cent of the data lost by victims who have called its European service centre. According to Allen, in the few days after the CIH virus hit, OnTrack engineers saw the virus attack systems in two ways. In between 10 and 15 per cent of the cases, the computer simply won't work.

'When the CIH virus causes damage to the basic input/output system (BIOS), the PC will not boot and the virus attempts a flash overwrite to the BIOS.

In these cases, users need to remove the hard drive and send it to OnTrack for an in-lab recovery,' he explains.

In the other 85 to 90 per cent of failures, the virus destroys vital data on the hard drive. At this point, the hard drive is not accessible.

'This is an ideal situation for us to get involved with, particularly as we can recover the data remotely via a modem,' Allen adds.

The plethora of anti-virus systems available to dealers on display at the Infosec show confirms the sheer force that these little programs can have. At best, PC users will find their machines infested with pop-up messages; at worst, they could lose their data. In a survey carried out by Hewlett Packard in March, it was discovered that UK organisations have the worst record of data loss in Europe, yet, curiously enough, they are the most confident of their systems' efficiency.

The findings were the results of market research into information storage on a pan-European basis, conducted with 500 IT managers across six countries by Infratest Burke InCom, an independent research company. It found that the UK is more vulnerable to data loss than France, Germany, Italy, Hungary and the Czech Republic, with 14 per cent of UK respondents having suffered a significant data loss in the past two years.

In addition, the research found that 36 per cent of these have lost data on two or more occasions during the past two years. The statistics also showed that information storage practices in the UK are among the least efficient in Europe. While 75 per cent of UK respondents protect data by backing up to a remote location, for 41 per cent of respondents, manual procedures still form a significant part of their information storage process, even though 32 per cent of data loss is caused by human error.

HP's research also found that 56 per cent of respondents do not have a formal policy on the issue, and of those that do, 48 per cent do not always adhere to it. Interestingly, HP found that UK IT managers were also most likely, at 60 per cent, to admit that they will need to invest more in storage in the coming year. Despite this, 91 per cent of UK organisations said their information storage systems are efficient and 15 per cent said they believe their investment in storage is 'more than sufficient'.

HP also found that UK IT managers are most likely, at 36 per cent, to be extremely confident of the reliability of their systems.

According to David Barnby, director of the information storage group marketing centre at HP, in many ways UK organisations provide an extreme example of attitudes held throughout Europe. 'Within UK companies there is a serious mismatch between perception and reality when it comes to the reliability of information storage procedures and systems,' he says.

'But it is reassuring to see there are plans to raise investment levels in 1999.'

While there are the more obvious anti-virus packages available to dealers to stock, there are also some very interesting - and profitable - services that can be marketed.

One such service is NetStore's remote anti-virus management technology.

NetStore Anti-Virus Management is claimed to help protect business laptop users from hostile viruses by using the internet or corporate extranet to ensure that protection is always available.

The idea behind the service is that it provides control over a company's fleet of laptops - and over their impact on host systems - by ensuring the effectiveness of mobile anti-virus measures. Jeff Maynard, chief technology officer at NetStore, says executives expect to be able to access corporate data at any time, from anywhere.

'The laptop computer has become as much a tool of their trade as the company car,' he explains, adding that such wide use of laptops means regular exposure to alien software, which in turn heightens the threat of viruses both to the laptops themselves and to their host systems.

'The Virus Management service checks each laptop automatically and transparently to confirm its anti-virus status every time the laptop is remotely connected,' Maynard says. Whenever a remote user connects to their host system, it can also detect whether they are still running anti-virus software, while ensuring they are using up-to-date data by transmitting and installing the latest virus signature tables.

For added security, management reports can identify users who have switched off their anti-virus software for any reason. It can even institute a lock down on the laptops, a measure which NetStore says prevents their owners turning off or changing the settings on their anti-virus software.

In effect, the Anti-Virus Management service allows a company to use its preferred anti-virus software, but uses its own network infrastructure and management software to ensure the software is being used effectively.

Another company taking an online approach to virus problems is ISP Star Internet, which has just launched its business internet service with the seemingly unique proposition of offering an email scanning facility for viruses, trojans and other nasties.

According to Jos White, marketing director at Star Internet, the company is using anti-virus software from Network Associates and Sophos on its servers. The service is available as an optional free extra to email routed into and out of the company's email server.

White says the company is processing about 800 emails daily through its virus checking facility, and has observed that, on average, about three per cent of messages are infected with a virus or trojan horse problem.

Using the service, when an email is encountered that appears to have a virus or similar security risk, the message is shunted into a special area of the server, and the Star subscriber notified of the problem. In addition, where appropriate, the message sender is also notified that there may be a problem.

According to White, Star wants to sell its services through dealers and has a reseller programme in place. Under the scheme, dealers get a 25 per cent bonus of the first year's income generated through Star's products.

As part of the programme, partners will receive ongoing training, participate in joint seminars, and work with Star to develop tailored marketing campaigns.

They will also be offered a Web presence and URL link to Star's dedicated reseller pages. White notes that the recent outbreak of the Melissa virus has highlighted the need for companies to be more alert to the dangers of email-borne viruses.

'The results were potentially catastrophic, but using virus scanning technology, we caught 100 viruses in less than 24 hours. A reseller's customer would see this as real added value,' he explains.

Star is also offering resellers the chance to resell its NetTools range of internet-oriented security software. In addition to NetTools, Star partners can get its Netstar Enterprise and Small Business Edition software, Web hosting services, security products and consultation.

One area of anti-virus sales that few resellers are exploiting is that of virus insurance. A quick glance at almost any customer business insurance policy will reveal that consequential losses due to virus infection are almost invariably not covered by routine insurance.

An Israeli company, iRiS Software, has the answer in the form of its own policies, which the Tel Aviv company is promoting through various sales channels. According to Alan Komet, manager of worldwide marketing at iRiS, virus insurance promises a fast response by the Technical Analysis Response Alert System (TARAS) and the delivery of a cure for viruses.

'Customer service and support are the cornerstones of our business,' he says, adding that PC users need more than just a good anti-virus product.

Closer to home, meanwhile, Sophos, located in Abingdon, has launched a Cyber Security School, which offers dealers and other interested parties access to a series of training courses.

According to Sophos, the school is open to anyone wishing to defend themselves against the threat of the internet, Windows NT security loopholes and computer crime. The company claims that, with the number of computer viruses increasing at a rate of between 300 and 800 per month, Sophos is giving cadets the chance to learn how to fight against security risks.

Courses include Best Practice for Sophos Anti-Virus, and Advanced Internet Security, which looks at how to attack the problem of hackers and spamming through corporate audit and control.

'Setting up a core force of security cadets will enable companies to meet a broad range of threats head on,' explains Paul Ducklin, head of research at Sophos. 'Hands-on experience gives confidence to the people who are defending IT systems, and the courses will make sure they are fully equipped to tackle the security issues surrounding their business.'

Also on offer is a Computer Crime and Misuse course which deals with computer fraud, hackers and organised computer crime. Delegates can learn what measures are in place to investigate crimes and what steps businesses should take to protect themselves.

At the Infosec show last month, Sophos claimed it had made a breakthrough in anti-virus software, by introducing the industry's first multi-platform anti-virus application. The software - an integrated package for PC and Macintosh computer platforms - is the first multi-platform edition of the company's Sweep anti-virus technology.

According to Ducklin, the idea behind the integrated version of Sweep is that it delivers a consistent approach to corporate anti-virus protection.

In use, the software is claimed to be the only package of its type to provide simultaneous, cross-platform on-access scanning and software updates.

Jason Holloway, country manager for corporate data security company Data Fellows, claims that all of the services arriving from various vendors in the anti-virus and IT security business sectors are a sign that the anti-virus market has, at long last, reached maturity.

As a result, Data Fellows has been repositioning itself over the past few years, away from the shrink-wrapped security software and towards concentrating on adding value.

Holloway says that, just two years ago, Data Fellows was perceived as a security product company, very much in the process of supplying shrink-wrapped security software to the user. Today, however, it is trying to be seen as an enterprise security supplier.

This subtle change in the vendor's approach to dealers is due to a trend that Holloway has recognised in the anti-virus business - the arrival of the small user, home user side of the channel.

This is a category of user that has evolved from the Soho segment of the market, explains Holloway. The evolution of the small user, home user segment of the channel for anti-virus software will, he predicts, usher in a period in which prices for shrink-wrapped applications will tumble.

'Prices will drop over the coming months and, as a result of this trend, you will see the arrival of public domain versions of existing anti-virus software. Symantec has already revealed that it is entering this section of the market,' he notes, adding that, while there is the definite possibility of such free applications devaluing commercial versions in the eye of the market, it also allows vendors to push their commercial editions further upmarket.

'For the commercial market, we envisage that prices will remain stable in the longer term. There will be short term changes - that's something that's quite normal in the software business - but the long term pricing will be static,' Holloway adds.

He believes that commercial anti-virus software is a lot more than simple shrink-wrapped applications. Its appeal, he told PC Dealer, lies in the savings that it can make for a medium to large-sized organisation.

'The key plus point with modern anti-virus software is that it has been designed to function over a Lan or an enterprise network installation,' Holloway explains. By tailoring software to this environment, vendors can ensure that the management side of administering the anti-virus packages is greatly reduced, he adds.

'The appealing issue here is that such software can be sold by the dealer as a way of reducing total costs of ownership (TCO) in the anti-virus field,' he says. 'TCO is a significant issue in most businesses and, as a result, the value of a piece of anti-virus software is not so much in the software itself, but in its ability to reduce the TCO.'

According to Holloway, when assessing which anti-virus application or service to sell, dealers should ask themselves the basic question of, "Who benefits, and who loses out?".

'We are re-introducing added value, as well as offering centralised management and lower TCO issues with our software,' he claims, stressing that the issue of adding value is one that dealers must not miss when it comes to anti-virus applications.

LOCK UP YOUR SERVERS

A computer virus called Melissa apparently started on 26 March in Western Europe and, by the close of business on 29 March, was reported to have spread around the world, causing havoc with tens of thousands of PC users' operating systems and hard drives.

According to Network Associates, the virus was allegedly posted to the alt.sex usenet group as an anonymous message and, within a matter of hours, had started to spread worldwide.

If the user tries to open a Microsoft Word 97 (or subsequent version) document, the virus takes hold. It takes 50 addresses from the user's personal address directory in the MS-Outlook or Outlook Express program and then sends the same email to those 50 people. The result is congestion on a user's PC or a company's mail server when the virus activates.

The spread of the virus appears to have been caused by the fact that it operates as an attachment to regular mail items and changes the subject of the message to 'here's the file you asked for,' or a similar variant.

Since the messages the virus is attached to were from legitimate mailbox users corresponding with friends and colleagues across the internet, recipients unwittingly clicked on the file and automatically infected their own PC and, in a company environment, the complete mail server system.

After the virus has attached itself to a raft of outgoing messages, it then proceeds to trash the mail server or a PC hard disk, as appropriate.
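The 50-address fan-out described above leaves a recognisable trace at the mail gateway: one sender, one subject, an attachment, and a burst of recipients. The sketch below is an added example, not code from the article or from any vendor it names; the log layout, the ten-minute window and all addresses are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed gateway log: time, sender, recipient count, subject, attachment.
SAMPLE_LOG = """\
1999-03-26T09:00:05,alice@example.test,50,Here's the file you asked for,list.doc
1999-03-26T09:01:10,bob@example.test,1,Lunch?,
1999-03-26T09:02:40,carol@example.test,20,here's the file you asked for,list.doc
1999-03-26T09:03:15,carol@example.test,30,Here's the  file you asked for,list.doc
1999-03-26T09:04:00,dave@example.test,120,Monthly newsletter,
1999-03-26T11:30:00,erin@example.test,25,Quarterly figures,q1.doc
1999-03-26T13:45:00,erin@example.test,25,Quarterly figures,q1.doc
"""

FANOUT = 50                      # addresses per infected user, per the article
WINDOW = timedelta(minutes=10)   # assumed burst window

def normalise(subject):
    """Fold case and whitespace so trivial subject variants group together."""
    return " ".join(subject.lower().split())

def find_fanout(log_text, fanout=FANOUT, window=WINDOW):
    """Return sorted senders whose attachment-bearing mail with one subject
    reached at least `fanout` recipients inside a single time window."""
    events = defaultdict(list)
    for ts, sender, rcpts, subject, attachment in csv.reader(io.StringIO(log_text)):
        if not attachment:       # the article describes spread via an attachment
            continue
        key = (sender.lower(), normalise(subject))
        events[key].append((datetime.fromisoformat(ts), int(rcpts)))

    flagged = set()
    for (sender, _subject), hits in events.items():
        hits.sort()
        start = total = 0
        for when, count in hits:            # sliding window over sorted events
            total += count
            while when - hits[start][0] > window:
                total -= hits[start][1]
                start += 1
            if total >= fanout:
                flagged.add(sender)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(find_fanout(SAMPLE_LOG))
```

Splitting the 50 recipients across two messages, as the constructed carol entries do, still trips the check, while the two erin mailings more than two hours apart do not.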

Srivats Sampath, general manager at Network Associates, says the virus appeared to have a worldwide effect. He said the vendor had received calls from customers around the world by the close of business on 26 March.

'This is going to be a very big exposure,' he said in a press conference call as the virus started hitting PCs around the world. 'The proliferation of this virus is something we have never seen before. It is very, very fast,' he added.