ALMOST 20 years since the first antivirus program was developed, computer viruses still strike all too frequently. So are there any new defences under development?
The bad news is that Microsoft’s much vaunted future operating system, the Next Generation Secure Computing Base or NGSCB, formerly known as Palladium, will not cure the problem. An NGSCB-enabled PC will have a dedicated microchip that authenticates all communications, ensuring for instance that no virus can gain automatic access to personal data – such as your contact lists – in a secure area of the PC.
But it will not stop all viruses. “NGSCB will certainly help isolate malicious code from your sensitive data, and give you more control over who can access that data, but it won’t stop viruses or worms from spreading per se,” admits John Manferdelli, a security expert at Microsoft.
Advertisement
If the world’s biggest software house can’t help, who can? Hewlett-Packard is trying to detect and mitigate the spread of viruses and worms using a technique called virus throttling, which controls the volume of network traffic flowing in and out of a PC. The system examines every packet of information that travels out of a PC to determine whether it is likely to be spreading a virus, and blocks suspect packets. Computer users may try to connect with other computers up to once a second. By contrast, viruses may make hundreds of connection attempts per second, making it easy to see when a machine is infected.
Virus throttling sets a limit on the number of connections to one per second, drastically reducing the ability of a virus to spread. This buys antivirus companies time to create a patch. Jonathan Wignall, chairman of the UK’s Data Network Security Council, says that while throttling could provide a worthwhile interim solution, a more fundamental answer is needed. “Worms and viruses propagate so fast because they exist in an effective monoculture. Nearly all desktop PCs run a Windows system of one sort or another, and that’s what most exploit,” he says.
Alan Solomon, a British computer consultant best known for creating the Dr Solomon’s antivirus software, suggests mail-out worms like SoBig could be combated by making people pay for the emails they send. If users had to buy e-stamps, paying a penny for each email they want to send, then email worms like SoBig would only be able to inflict a limited amount of damage before the stamps run out and the emails stopped. But Wignall doesn’t think this would work. “There is no way you would get people to start paying for something they are accustomed to having for free,” he says.