Despite better antivirus protection, companies are getting hit by an increasing number of viruses, according to a recent survey conducted by ICSA Labs.
The 300 organizations surveyed had 1,182,634 run-ins with viruses on 666,327 machines from January 2000 through August 2001, the survey's term. This translates to 113 run-ins per month per 1,000 machines, the survey found. Since 1996, ISCA has seen an annual increase of 20 run-ins per month per 1,000 machines.
File corruption and data loss is on the rise, although lost productivity is still the major cost associated with viruses, the survey found. The average company spends between $100,000 and $1 million per year for desktop-related security disasters.
However, the survey found disasters were down from the previous two years. About 28% reported a disaster while 51% reported one last year and 43% in 1999. ICSA defines a disaster when 25 or more PCs are infected.
ICSA's Larry Bridwell identified three reasons why damage seems to be down while the virus threat is increasing. First, users are continuing to install more antivirus programs on everything from their e-mail servers to their proxy servers and firewalls. About 90% of those surveyed said all of their PCs had anti-virus protection.
Second, companies are doing more filtering for specific files types at the gateway, said Bridwell, manager of ICSA's content security programs. For example, executables and files with double extensions are stopped right away and not even scanned.
Lastly, Bridwell wonders whether respondents were fully aware of all the viruses that circulate. For example, Code Red hit servers not PCs, which is more the focus of the survey. Also, the period of the survey fell during the Nimda infections. About 180 responses had been collected before it hit.
Yet even while more companies are becoming vigilant about antivirus software and screening files, virus writers are becoming crafter, Bridwell said. Worms such as Goner and Code Red exploited different ways to infect systems. Code Red didn't rely on human action to infect machines, but spread from system to system. Meanwhile, Nimda had multiple ways it could infect systems.
Viruses tend to come in waves, Bridwell said. Just as one kind of malicious code begins to peter down, another one ascends.
For example, boot sector viruses that spread via infected disks, were among the earliest examples of malicious code. However, over time, rates of them fell off as virus writers reached the limit of what that method could do. Such was the case with macro viruses. "In 1998, we saw them start to taper off as there are only so many ways a macro virus can work," Bridwell said.