Virus writers used to be stereotypical nerds – teenage boys in bedrooms, avenging what they saw as grievances against the world. Nowadays, the threat is more sinister – often, viruses are designed to steal information such as passwords or bank details, or to tie up a company’s computer system and blackmail them. Many of these new viruses are bankrolled by criminal gangs. Fortunately for the rest of us, anti-virus companies are also getting better at what they do, with plenty of money being invested in new research.
We visited the research labs of two anti-virus companies, F-Secure and Symantec, to see how that money is spent and to ask whether the fight against viruses is being won or lost.
To catch a virus
New viruses are caught in several ways. The researchers, who work shifts to provide 24-hour cover, set up ‘honeytrap’ computers, which are open to the internet without any form of protection, and effectively invite intrusion. They also handle virus protection directly for the networks of several large corporations – when one of these gets attacked, the companies can instantly take a sample of the virus. Finally, samples come in from interested users around the world, or from ordinary people’s computers, which report in when they see a new virus.
When a virus arrives, it’s assigned to a researcher. They investigate it to see whether it’s a new threat. Generally, new viruses are variants of ones that already exist, which means they’re relatively easy to identify and defuse.
The researcher will examine the code of the virus – each anti-virus company has its own set of tools to examine files. Some of these are publicly available, while others are private to the company. In general, they allow the researcher to look inside a program file (all viruses exist on a computer as program files, in some way) and see what it intends to tell the computer to do.
The tools also allow him or her to see what files are dropped on to the PC, what changes are made to the Registry, and what other settings are adjusted when the program is run. All of these things help researchers figure out how harmful the virus is and how quickly it might spread across the Internet.
Fighting back
Once a researcher figures out how the virus affects the computer, he or she can then devise an antidote – a piece of software that will remove those files and change the settings back to their original values. Many viruses use tricks to hide from the computer, so it’s hard to see what they are up to, but anti-virus tools can usually see through these. The researcher also has to write a ‘signature’ for the virus – a unique way to identify it, so that anybody running the anti-virus program will be protected when the program sees the virus’s signature.
Once the antidote and signature have been written, it’s a case of sending it to the quality assurance department for testing. These people make sure that the new signature is unique to that virus, and that the antidote won’t cause any problems on people’s computers. The package then gets added to the company’s next update – the next time a consumer’s anti-virus program checks in for an update, the new one will be downloaded, and the PC in question will be protected. Most anti-virus programs update themselves several times a day. It’s important to make sure the program’s list of virus signatures is up to date, so that new viruses can be picked up.
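The signature and quality-assurance steps above, as an added example in Python that is not from the article or either lab: a byte-pattern signature is chosen from a sample, checked for uniqueness against a corpus of clean files (the QA check that it must not fire on people’s normal programs), and then used by a simple scanner. All samples are constructed stand-ins, not real virus data.

```python
from typing import Dict, List

# Constructed stand-ins for program files (a real sample would be a binary).
# All share a 12-byte "MZ" header so a naive header-based signature would be useless.
HEADER = b"MZ\x90\x00" + b"\x00" * 8
MALWARE_SAMPLE = (HEADER
                  + b"drop:%APPDATA%\\winsvc.exe;"
                  + b"reg:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run;"
                  + b"beacon:http://example.invalid/c2")
CLEAN_CORPUS = [
    HEADER + b"Copyright Example Corp. text editor",
    # A legitimate installer also writes a Run key, so that string alone is not unique.
    HEADER + b"reg:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run;installer",
]


def is_unique(candidate: bytes, clean_corpus: List[bytes]) -> bool:
    """QA check: a proposed signature must not appear in any known-clean file."""
    return not any(candidate in clean for clean in clean_corpus)


def choose_signature(sample: bytes, clean_corpus: List[bytes], length: int = 24) -> bytes:
    """Pick the first window of `length` bytes from the sample that passes the QA check.

    Scanning windows in order means the chosen pattern sits in the part of the file
    that variants of the same virus are likely to keep, not in a per-sample value.
    """
    for i in range(len(sample) - length + 1):
        window = sample[i:i + length]
        if is_unique(window, clean_corpus):
            return window
    raise ValueError("no unique signature of that length; lengthen or hand-pick one")


def scan(data: bytes, signatures: Dict[str, bytes]) -> List[str]:
    """Return the names of every signature found in the file contents."""
    return [name for name, pattern in signatures.items() if pattern in data]


if __name__ == "__main__":
    sig = choose_signature(MALWARE_SAMPLE, CLEAN_CORPUS)
    db = {"Constructed.Dropper": sig}
    variant = MALWARE_SAMPLE.replace(b"example.invalid", b"other.invalid")
    print("sample:", scan(MALWARE_SAMPLE, db))
    print("variant:", scan(variant, db))
    print("clean:", [scan(f, db) for f in CLEAN_CORPUS])
```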
Windows, the operating system that most of us use, is the most targeted by virus-writers. That’s partly because it’s easier to get into and poke holes in, compared with operating systems such as Linux or MacOS. But the main reason it’s popular with virus writers is because it’s used by the vast majority of users. If a virus writer wants to get the most ‘hits’, he or she will want to attack the most computers, and that usually means writing a Windows virus.
That said, one emerging trend is viruses for mobile computers such as smartphones. Most of these new mobile viruses are written for the Symbian series of smartphones such as the Nokia N70. Both the companies we visited have secure shielded metal cages for testing these phones, which prevent other signals from getting in or out, so they can’t infect anything else. In future, mobile computers might be the next virus battleground.
Wasting viruses, not your money
The labs run by security companies are staffed by dedicated researchers, who can get the better of a new virus in a matter of hours. But if they’re so good at it, why do so many of us still get infected by viruses? Many people don’t have any computer security at all, and that lowers security for everyone. If one person allows a virus to get through, it can cause havoc for all. Generally, the answer to getting fewer viruses is as simple as making sure your anti-virus program is fully working and up to date, along with the firewall and other security programs.
Free and premium packages
With all this money being spent on expensive anti-virus labs, it’s hard to imagine how the free anti-virus programs (such as Avast and AVG) can compete. However, both of these free programs have big companies behind them, and both companies develop full-price products for homes and businesses as well. That means that they, too, can afford to spend money on research and development.
Free versions of the software are effectively being subsidised by companies and individuals who pay for the better features of the full versions. Also, all virus companies routinely share information about new viruses.
Paid-for anti-virus products provide support, which is lacking in free tools, but figures showing how comparatively successful they are at catching viruses are difficult to come by.