Automated viral detection system to be launched later this year

As malicious attacks on websites become as frequent as the common cold the computer industry is examining the human immune system…

As malicious attacks on websites become as frequent as the common cold the computer industry is examining the human immune system to find ways of dealing with increasingly destructive viruses of their own.

Symantec, in association with IBM, has devised a new automated anti-virus system modelled on how the normal human immune system deals with viruses and disease.

The threat of destructive viruses, such as Melissa and Worm Zip spreading at high speed through the Internet and into networks of both company and personal computers, means the next generation of virus killers must be capable of dealing with the destroyers faster than ever before.

Mr Julian McMenemen, country manager for Symantec in Ireland, said it and IBM were working towards complete automation of virus-protection systems.

READ MORE

"Viruses are now moving in Internet time, and so anti-virus software will have to develop to cope with this, and the only way to get a response time quick enough is to automate the system."

He said with fears over viruses being triggered by the millennium over the new year, many companies had shut down their email systems and Internet connections, but that in future years the growth of e-commerce would make this impossible.

Digital immune systems (DIS), unlike normal anti-virus software, work independently, by automatically handing files to a central computer for analysis when it is suspected that they are infected by a virus.

The file is then examined and used to infect an isolated network of PCs which are again automatically tweaked to activate the virus. The infected PCs are then monitored to identify its signature and create an antidote to counteract and destroy it.

The cure is then tested on the original infected file and on the other test files before being passed back to the PC that first contracted the virus, to cure it.

The signature of the virus and the cure for it are then spread around the Internet so that other victims can respond or even prevent the infection.

If the idea does become a reality, the system automation will generate phenomenal savings for companies, according to Mr Sean Reynolds, managing director of Information Security Consultants, Rits.

He said that although the technology being used was not new, the idea of a system working independently and being able to deal with the unknown was "conceptually brilliant". However, it would have to be seen whether the technology would work in practice, he said.

Mr Kevin Street, Symantec technology manager for Europe, Middle East and Asia, said the new system took just 45 minutes to find an antidote when tested on the extremely destructive Melissa virus. This is eight times quicker than the time it took technicians to find a solution when the virus first appeared.

Mr Street said that the analogy with the human system is not that far fetched. The software identifies the virus, creates antibodies, and cures it within the system without outside intervention.

He said the system's aim was to be able to respond to viruses quicker than they could be created.

The company aims to be able to deal with any virus within 30 minutes.

One of the main advantages of this system is that new virus killers will not have to be reinstalled or rebooted over and over again once a virus is detected.

DIS will detect and cure viruses without any interruption for companies and without any human input into the problem.

The system is currently being tested at several large firms, enabling suspect files to be passed automatically to a system administrator who can then decide whether to pass them on in turn to the analysis centre.

DIS, which has cost considerably monies and has taken 15 years to develop, will put the Symantec IBM anti-virus software, trading under the Norton brand, light years ahead according to Symantec. Mr Dermot Williams, managing director of competitors, Systems Associates, said responding to threats quickly with the almost logarithimic growth of viruses like the worm zip was the key to new anti-virus software.

He said the number of viruses now appearing and the speed at which they moved meant small anti-virus software companies would be wiped out.

He claimed that bigger firms with the financial resources to plough large amounts of money into R&D to combat the viruses would take over.

The digital immune system from Symantec IBM will probably be available under its Norton anti-virus brand by the middle of the year.