How the security firms are fending off viruses

Computer viruses are nothing new. The first, called Creeper, hopped between DEC PDP-10 computers via the Arpanet network – a precursor of the internet – back in the early 1970s. The first virus known to infect personal computers appeared in 1982, when a program called the Elk Cloner spread between Apple II computers via infected floppy disks.

Unsurprisingly, as the number of viruses has grown the nature of these threats has changed. First we saw viruses move from being merely annoying to remarkably destructive, and then as internet access became widespread there was no longer any need to piggy-back on disks, so viruses moved to email and the web.

In the past few years viruses have changed direction again, moving away from meddlesome destruction of data towards criminal activity and identity theft. At the same time we’ve seen a fresh explosion of malicious attacks, and the technique of simply ‘scanning’ a computer for viruses has struggled to keep up.

Instead modern security tools are turning to a variety of new methods when it comes to fending off viruses and other threats, and so this issue we spoke to some of the biggest security firms to find out how they work.

Signed, sealed, delivered
Traditionally, anti-virus software has relied on two key technologies: signatures and scanning. A signature is information about a file that’s known to be a virus: at its simplest this could be a snippet of code found inside a malicious file. In an ideal world the software would have a signature for every virus out there, and so most anti-virus tools downloaded fresh signatures at least once a day.

Armed with a database full of virus signatures, the anti-virus program would check every file on the computer to see if any were part of, or had been modified by, a virus. To do this they would scan the computer, one file at a time – either when you started the process manually or according to a schedule.

The problem with this approach is that in order to stay protected the PC needs to know a signature for every single virus that’s threatening it. This makes it difficult to keep up when the number of threats is large.

In the past few years the number of threats has exploded: Symantec’s Con Mallon told us that it had moved from issuing around five signatures a day in 2000 to around 15,000 a day this year, while Kaspersky Lab’s David Emm told Computeractive that his company is now processing 30,000 unique virus samples and issuing 3,500 signatures daily.