A friend of mine works for a university-based medical research facility, and she recently wondered why their network was experiencing a dramatic increase in virus traffic. Their Internet-facing servers, she told me, were all protected with the latest release of a major antivirus software product. The product, like its popular home version, features automatic live updates of the latest signature files, yet they were getting hit with several variations of the Bagle virus, plus some other new viruses.

Many new viruses have been shutting down antivirus and firewall apps, or, in other cases, disabling the software's automatic update feature

This may sound familiar. You have a desktop antivirus app installed now, and you know the signature file subscription is current with the vendor, but still you're seeing viruslike symptoms or perhaps you actually know that you have a virus. Since the first of this year, many new viruses have been shutting down antivirus and firewall apps, or, in other cases, disabling the software's automatic update feature, leaving your system vulnerable to future attack.

It's actually an old trick. The virus MTX, for example, released in 2000, blocks access to antivirus software Web sites. But these recent antivirus-disabling attacks are more effective because of their sheer volume: with some 30-odd variations of Bagle appearing within a 10-week period, each one better than the last, you might have been hit and not even realized it.

Time to check your protection
At one time, you needed to manually update your antivirus app monthly, weekly, then every couple of days. Problem was, with a big e-mail outbreak such as I Love You, you were often infected before you got around to updating your signature files. So the software vendors opted for automatic downloads of signature file updates. This method has its pros and cons.

First, the pros. I like the set-it-and-forget-it antivirus protection available on most products today. I think it's made protecting your PC much easier for casual Internet users.

I expect to see some major changes coming later this year.

But, unfortunately, convenience breeds a false sense of security. I once knew someone who felt all cars should have standard transmissions so that the driver would at all times remain in touch with the road's conditions and be better able react to danger. In the same way, it might be good for us to have to pay more attention to our antivirus and firewall software. I'm not suggesting we give up the ease-of-use features we now enjoy, but rather these products should now integrate with each other more than they currently do and provide some kind of checks and balances for each other.

Help on the way
I expect to see some major changes coming later this year. Currently, the new ZoneAlarm Security Suite works with your existing third-party antivirus apps and reports whether the signature files are out-of-date or if the app is even working. And the new Microsoft Security Center, one component of Windows XP SP2 (to be released late summer or early fall 2004), will also warn if your antivirus protection is compromised. Whenever the antivirus app becomes disabled, a dialog box informs you of the change. Also, whenever you check the ZoneAlarm Security Suite or Microsoft Security Center main screen, you'll see a warning that your antivirus protection is not enabled.

Until these products become widely available, you will still need to check your antivirus apps from time to time to see that they are still working.

A happy ending
My friend has taken to doing just that, and in the process, found the antivirus software update feature on one of the servers had been disabled in early April. By reactivating that server's protection, her research facility has significantly reduced their latent virus problem. I suspect some of you may experience the same result with your home computers.

Got a security question? Let me hear about it!