Worms Come Under Attack

Anti-virus vendors work on technologies that will keep outbreaks such as the ILoveYou virus at bay.

When the ILoveYou virus swept through corporate networks around the world last May, it took everyone by surprise—especially anti-virus software developers.

As the one-year anniversary of the Love Bug's attack passed last week, McAfee Corp., Trend Micro Inc. and other anti-virus vendors were working on new technologies and strategies that they hope will reduce the likelihood of another outbreak of that scale.

McAfee, a division of Network Associates Inc., in Santa Clara, Calif., is working on ways to add a technique called sandboxing to its products. Sandboxing identifies and isolates suspicious code in a virtual environment and then observes its behavior.

If the code attempts to open the Outlook address book or modify a file, for example, the operation is stopped. McAfee does not have a release date for the technology at this point. Some anti-virus vendors, including Pelican Security Inc., of Chantilly, Va., already use sandboxing. Pelican said its software blocked the Love Bug.

This week at the NetWorld+Interop show in Las Vegas, McAfee will introduce a new managed security offering for service providers. The McAfee ASaP service will be a completely hosted offering that will enable service providers to deliver managed anti-virus services and updates to users. McAfee will host the service and provide continuous monitoring and updates via its Rumor peer-to-peer delivery technology.

Trend Micro, for its part, has developed a technology called ScriptTrap, a part of its InterScan AppletTrap product that is capable of identifying and filtering unknown Java and Visual Basic scripts at the server level.

The company is also looking at ways to protect potential infection points on a network: the Internet gateway, the operating system, applications and wireless devices, said Trend Micro officials, in Cupertino, Calif.

By their own admission, the anti-virus vendors—which make their living protecting users from malicious code—were utterly unprepared for the new breed of Visual Basic script virus. Anti-virus products had no way of stopping such viruses, a fact that helped the Love Bug become one of the most widespread and fastest-moving worms in recent memory.

Security administrators said that the anti-virus vendors have come a long way in the year since the Love Bug hit.

"There are some solid improvements," said Mark Amos, manager of information security at Owens Corning, in Toledo, Ohio. "We're getting much better early warning from our [anti-virus] suppliers."

But even with the tools they have in production and in development, anti-virus vendors say they are still fighting an uphill battle—not only against virus writers themselves.

"People have definitely gotten better about opening attachments, but then again, there are some customers who won't update their software for 12 or 16 months," said Vince Gullotto, senior director of Avert Labs at McAfee.