'Linux viruses will quadruple in two years'

CIOL Bureau

There are 300 viruses at any given time lurking in the networked world of IT. There may perhaps be fewer viruses today than there were three years ago, but today's viruses are smarter than their predecessors. These are some of the facts that you learn when you meet anti-virus expert Vincent "Vinny" Gullotto, the founder and head of the Anti-virus Emergency Response Team (AVERT) at Network Associates.


Vinny is also the developer of WebImmune, the world's first virus security scanner that is situated on the Web. Users can submit suspected files to WebImmune for scanning, analysis and fixing.


"We are trying to build intelligence into automation. Generally, we have the information about 80 per cent of the viruses and also carry solutions against them. The scanners work on things we know about. Building intelligence to the automation process will help reduce the risk," says Vinny, describing WebImmune.


He points out that the volume of viruses reported in India these days is comparable to the figures of the US. According to WildList.org, the number of viruses in India has increased from nine in January 1999 to more than 50 in May 2002. However, according to Vinny, only the first 4-5 viruses may be common in the two markets. They would differ as we go down the list.


"In India, the growth in IT has resulted in the growth in the number of viruses too. Users are not able to get security these days. However, it will come down as the market matures and becomes alert," he forecast.


The AVERT team has been able to detect most of the big viruses at least a few months before their outbreak. Despite such methodical study of viruses, and anti-virus companies predicting future viruses well in advance, we still witness epidemics.


"There are many reasons for them. Customers are not aware that they should update their security software and prevent damages. With increased penetration of PCs, the viruses are now moving towards the home users too. Then the virus writers have learnt to make their viruses look different, thereby confusing the users. Through mails, these viruses spoof the senders making the victims feel the attachments are sent by known people. But, the biggest reason is complacency. Now, for a long time, we have not had any big virus. This makes the users lazy to update their scanners and also forget to check before double clicking on the attachments," explains Vinny.


Is Linux as immune as it is made out to be? "We hear of Windows viruses more because the OS is widespread. As the market penetration of Linux increases and the Linux-based software providers face the time-to-market pressure, opportunities for virus writers on this platform will increase. You will see more of Linux viruses appearing. In fact, the number of Linux viruses will quadruple in two years," feels Vinny.


One of Vinny's many concerns is what he calls the Unified or Compound Threat. "Virus writers are becoming hackers and hackers are becoming virus writers. The 'joining' or becoming one and the same has had an effect for some time. We've seen many viruses that have hacker-like traits and viruses’ origins. Many of the exploits seen today are developed to take advantage of vulnerabilities that are in software. These threats are usually created by someone who possesses hacker abilities and can write viruses and other malware. Nimda, Klez, and the Linux Ramen worm are a few," he says.


The increasing popularity of wireless LANs is another concern, as the clients connected to a WLAN become easy targets. He recounted the arrest of a person in the US a few months back, who was travelling in the city in search of WLANs into which he could hack and access information. "Encryption in these LANs is necessary. While PDAs can get infected from the PCs through the conventional route, the former can spread the viruses to other PDAs through native virus transfers," says Vinny.


Another disturbing trend arises from what he calls Gateway Jumping. The issue here is that PDAs are coming in through the front door, thereby jumping the gateways of corporate networks. When someone syncs the PDA to the PC, any infected file will automatically end up on the PC, or elsewhere.


Microsoft's Pocket PC 2002, the latest OS for PDAs, has an AV-API, which, Vinny feels, could become the weak point in the spread of viruses. However, he adds that this API is not expected to always be used by consumers.


Speaking on virus attacks on connected appliances in future, he says, "Well, most of them are potential targets. But, it may not be as huge an issue as it is made out to be. In fact, it will depend on where technology takes us in the future." No vendor has received as many brickbats as Microsoft when it comes to viruses.


And how are future Microsoft products going to be? Vinny has praise for Microsoft for increasing its efforts to strengthen the security of its products. "Microsoft software is getting better and better. It has taken a 180 degree turn. Now, it is ready to give information and accept information about its products."
