ARN: Why is the antivirus market growing worldwide?
Ian Hammeroff, business manager of eTrust security solutions at Computer Associates: Probably for two reasons. One, there's been a great deal of media outrage due to such things as the Melissa and Love Letter viruses, and a number of other well-publicised virus threats that really put into the average person's mind the need for an antivirus solution.
It also brought to light what is out there - what sort of threats exist. Large organisations which have already adapted antivirus solutions believe a lot of the press about Love Letter and Melissa, which have really raised the awareness of the need for solutions, as well as the need to update and maintain them. That is why the market is growing, and growing into new areas other than just file system protection or just a classical antivirus solution. It's evolving into protecting systems at the gateway, protecting new applications and groupware applications like Microsoft Exchange and Lotus Notes.
It has also introduced an evolution in the landscape of virus protection. No longer can we really consider it virus protection or malicious code protection. Such things as ActiveX and Java, which have really created a dynamic presence at Web sites, can lead to tremendous threats. Someone can take advantage of these niceties in the Web space and create malicious code, which might look innocuous up front but is capable of stealing proprietary information, installing back doors or spreading or propagating a virus. This is another space that's growing in the antivirus field. It is not necessarily a classical antivirus solution, but has been grouped in because it's easier to wrap the term antivirus around this whole malicious code protection space.
Are companies as aware of the risks as they should be?
I believe they are aware of the risks on the classical side - viruses, worms and Trojans. But the notion of malicious mobile code or applications that add a dynamic presence on a Web site is an area that still hasn't achieved the same awareness as classical viruses.
One of the main reasons for that is that there hasn't been a well-publicised or well-documented exploitation or attack based on this. This may be because the [victims are] not aware of it or those who have been susceptible to it have already installed solutions for it, like eTrust Content Inspection, which protects at the gateway against these new types of attacks.
It's still an area that requires a lot of awareness and education to instill the need to protect against these new possibly threatening avenues.
How does this awareness impact resellers marketing their solutions to their customers?
It allows resellers to go in and present new opportunities. Although an organisation may have already purchased an antivirus solution, this gives the reseller a chance to go back in and start planting the seeds or begin educating [the customer about the] additional threats [they face] apart from classical viruses.
They can step in with new solutions that build upon incrementally what's been provided. There is no one solution or band-aid. We're not saying you should go in and replace what has already been installed with an antivirus solution with, say, a gateway base or content inspection solution. [The solutions] really need to work in concert to provide a complete solution across the board.
Therefore, it is a great chance for resellers to, themselves, become educated about these new threats and the evolving landscape, and then use that knowledge to go out and speak to their clients - revisit old clients and spur interest in new clients - about these newer protection tools.
What similarities can you see between the antivirus market in Australia and the US?
As illustrated by a number of the most publicised outbreaks, there are no boundaries to where an attack can start and eventually end. With that being stated, everybody requires antivirus protection in one form or another. Globally, the marketplace is fairly robust and growing. There is no particular area of the world that needs it more than another because the Internet has erased geographic boundaries. Something that starts in the Philippines can affect and cause billions of dollars' worth of damage in Australia or in the US or in Europe very easily.
Another variant of the Melissa virus has been reported. Do you see these kinds of viruses becoming more prevalent in the future?
Yes. It's funny how closely the computer virus mirrors the biological virus. Just like we have a number of strains or variants of the flu, the same thing happens with computer viruses. Now why does this happen? Mainly because the code or script or macro used to create a lot of viruses, particularly successful ones like Melissa and Love Letter, is quite often posted to a number of Internet sites.
The "underground", or those who create these types of applications of malicious code, or those who may just be curious about it, can then download [the code], look at it, learn from the example, or even manipulate the example slightly to create a new version, or a new variant.
The number of variants of Love Letter, for example, continues to grow every day. So yes, we do see the notion of variants constantly emerging, and mainly because of curiosity. Someone will tinker with something that they've downloaded or seen on a Web site as an example and then use it [carelessly], or perhaps it's just something that gets loose on them without them really appreciating what the virus is doing.
But luckily, there are things like heuristics, scanning based on the behaviour of the virus, not necessarily a fingerprint of that virus, which enables us to stop things like Melissa before they have a chance to spread. Even though [the Melissa variant] is the product of a damaging virus that had travelled earlier last year, it's not going to propagate with the same speed because those who have been maintaining their solutions will be protected already.