Infection control

In 1988 a small computer emergency response team spun off from the Defense Advanced Research Projects Agency (DARPA) in the US. Based at Carnegie Mellon University, CERT (Computer Emergency Response Team) set about troubleshooting virus outbreaks as they occurred on computer systems throughout the world, and it would appear they were just in time. In their first year of operation, CERT responded to six outbreaks. Ten years later, they responded to 3700 and the exponential growth did not stop there. In 2000 CERT responded to 21,600 virus outbreaks, bringing the total number of recognised viruses to 57,000.

With statistics like these driving the market, it is little wonder IDC is predicting the antivirus software market will grow at a rate of 24 per cent year on year, hitting the $100 million mark in 2005.

Stemming infection rates

Just as urbanisation led to a dramatic increase in the cross-infection of human diseases, interconnectivity has led to a dramatic increase in the ease and rate at which viruses spread. Alex Nemeth, managing director of IT security services company Zento, points out that the first step in maintaining computer hygiene is to identify the points through which viruses can enter a system.

"We begin with an assessment to ensure that all points of entry are covered off," Nemeth said. "One of the big flaws of the industry is the assumption that once virus software is installed a system is safe."

According to Nemeth, 80 per cent of infections come through e-mail, but resellers need to be vigilant on a number of different fronts.

"A recent survey we received showed that 95 per cent of all businesses had bought into virus protection, but at the same time, 87 per cent had experienced some kind of outbreak," Nemeth said.

These rates of infection are a concern for vendors and security integrators alike, which are increasingly being asked to provide some kind of assurance of the integrity of their service.

Richard Baldry, managing director of antivirus vendor Sophos, believes much of this can be attributed to a certain level of maturity in the market.

"We are moving from a time where the primary aim of the IT department and industry generally was to get IT infrastructure installed and functioning, to a time where they are paying attention to the types of systems they are installing," Baldry said.

Frances Ludgate, business manager for Computer Associates' eTrust line, has observed a similar development in buying patterns as the business community came to terms with online technologies.

"At first it was about getting online and getting e-business happening. Everybody was very gung-ho about where they were going to take their company via the Internet and not really thinking about security," Ludgate said.

While the business world was awakening to the potential of high-speed communications, virus writers were getting more devious in terms of the nature and spread of viruses.

Ray McIntyre, channel sales manager for antivirus vendor McAfee Australia/NZ, believes that the turning point came with the Melissa outbreak.

"Melissa changed the world," McIntyre says. "Suddenly we started seeing mass mailers which constantly mutated and played on people's familiarity with e-mail."

After the Melissa virus first turned up on the scene in March 1999, variants continued to haunt the byways of the information superhighway for the following 12 months.

In the same way that AIDS brought hedonistic free love to a screeching halt in the eighties, viral attachments such as "I love you" and "Anna Kournikova" saw IT managers across the world take preventative measures against infections.

If it's not on, it's not on . . .

While the lion's share of business uses some kind of antivirus protection, industry pundits are concerned they have been tricked into a false sense of security. As per usual, much of the blame is placed at the feet of the media.

Any reseller will tell you that virus outbreaks these days lead to a dramatic increase in antivirus software sales, as the popular press whips up pandemonium about the threat such viruses pose to the humble home PC. However, by the time the shiny new disks have been loaded on to the hard drive, and the papers are being loaded into the recycling van, "kiddie coders" are already cracking holes in the most recent versions of the virtual protective sheaths.

For this reason, there is an onus on antivirus vendors to be increasingly proactive in both identifying potential threats and providing solutions.

To this end McAfee's McIntyre places emphasis on the importance of monitoring the online chat rooms, which serve as nurseries for many viral outbreaks.

"The guys that write these things can't help themselves. They all get online to brag about what they are doing," McIntyre said. "Most of them are not very sophisticated or are simply repeats of past viruses, but every now and then we pick up something that has the potential to do some real damage."

Most antivirus packages these days offer ongoing updates from a centralised Web site which monitors fresh viral outbreaks. However, as Danny Maher, support services director at integrator NetStar, points out, at the enterprise level this approach can lead to overlaps and bottlenecks as end users clamour for access to the signature files.

"Imagine what happens at 9am, when everyone turns up to work and hits the vendor site to get the signature file for the latest virus," Maher says. "While people are trying to get around the bottleneck to get to the software update, the company is placed at risk."

NetStar has found a way around this concern by using a push rather than pull technology. The antivirus software update is sent through to the first computer which comes on in the morning; it is then spread from peer to peer within the network using so-called rumour technology.

This kind of solution is a good example of the sorts of value adds the channel is able to provide with security and antivirus software solutions. It is also symptomatic of a market that is increasingly focused on taking the security onus off the end user.

According to Andrew Tune, general manager of security services at e-security specialist integrator eSec, the traditional antivirus model where the user implements the solution in the way they see fit is simply too risky for today's computing environment.

"A lot of the systems are based on a pull model. The problem is that you can't tell centrally if the pull model has failed, and all you are buying is a false sense of security," Tune said.

Shifting the blame

eSec's Tune believes many consumers become convinced they are buying the antivirus equivalent to a Ferrari, when in fact they are buying a re-sprayed Commodore.

"What people don't understand is that you don't solve security problems with bits of technology, you solve it by using bits of technology appropriately," Tune said.

Despite an increasingly sophisticated and mature IT market, most industry pundits who spoke with ARN believed that the biggest holes in antivirus defences are those that sit facing the monitors.

"You have to take the end users out of the equation," McAfee's McIntyre said. "What is the point of having a state-of-the-art scanning program on every desktop if the end users simply come in and turn it off because they think it slows down their system?"

At the enterprise level, corporations are also under increasing pressure to maintain high standards of virus protection within their organisations, lest their brand be tainted with assertions that their IT systems are not secure.

"Companies are now faced with the added burden of looking after their own exposure in terms of the media," Zento's Nemeth points out. "While it is exciting to have high levels of connectivity with customers and other companies, businesses are coming to terms with the fact that this means they also have to provide high availability and ensure a virus outbreak won't bring the whole system offline."

According to Nemeth, managed security services are openly sought out by the high end of the marketplace, where businesses are increasingly closing the gap between the role played by their IT infrastructure and the sorts of assurance required by such demand. eSec's Tune has noticed a similar move which has seen industry seeking security specialists and reliable managed services.

"You wouldn't go to your local GP for heart surgery," Tune said. "And the same is true for security offerings."

However, managed security services are also making inroads in the SME sector, with McAfee's McIntyre describing it as the biggest growth area for managed security services.

"We are designing managed security offerings that actually allow SMBs access to enterprise-level security at per-seat pricing," McIntyre said.

According to McIntyre, one of the biggest challenges facing CIOs is sourcing skilled security staff.

"Even large companies are having trouble finding and keeping highly skilled people with security experience," McIntyre said. "Smaller businesses simply don't have the budgets to put them on, so they are in the market for a security solution that provides them with that level of service."

As a result of this move towards integrated, managed security offerings, antivirus software vendors are increasingly likely to be working in conjunction with other security vendors.

Chris Polous, managing director of Trend Micro, believes security vendors need to place an overall security solution within reach of their end users.

"People are getting fed up with having to juggle a series of different software solutions," Polous said. "Having an integrated approach formed at the vendor level and implemented through our integrator partners cuts down on the finger pointing when problems emerge."

Polous uses an airport metaphor to demonstrate the roles different vendors play in an integrated security solution.

"Integrated security is a bit like airport security. Immigration is a bit like the firewall: certain messages are simply refused entry in the first place. The luggage is then scanned by customs, just as antivirus software scans attachments, and finally intrusion detection is on the lookout for stowaways and others who have made their way into the system under false pretences," Polous explained.

The trend towards an integrated, managed approach to security has not been lost on market analyst IDC. In a recent report into the security market in Australia, Natasha David predicts that individual antivirus products will be gradually replaced with suites of antivirus products, bundled with a major service component.

While antivirus vendors are no doubt concerned over the delivery methods of such services, some remain convinced that the channel opportunities will continue to expand.

"There are some in the industry that are trying to sell periodic software updates as a managed service," Tune said. "There is more to it than that. You really have to understand the business requirements of the end user, and in order to get that close to the end user the vendors need channel partners."
