News Stay informed about the latest enterprise technology news and product updates.

Users pine for speedier virus signatures from vendors

Now that Trend Micro has established the industry's first service-level agreement for an antivirus vendor, customers may be able to get just what they need from their providers.

Antivirus vendor Trend Micro Inc. recently unveiled a virus response service-level agreement program that will pay customers cash "fines" if the vendor does not forward an updated signature file within two hours of a virus submission.

Archived Featured Topic on's coverage of the Bugbear outbreak

SearchSecurity expert advice: "Security standards for outsourcing agreements" expert

Feedback on this story? Send your comments to News Writer Edward Hurley

While the move is novel, it does hit upon a bigger question: what do customers expect from their antivirus vendors? Is it merely updated signature files in a timely fashion, or just prompt service to inquiries about suspicious attachments, for example?

"Automated, quick signature updates with an alert are essential," said Eugene Martin, IT facilities manager at the Munich Reinsurance Company of Africa Ltd. in Johannesburg, South Africa. Martin would also like to see simplified cleaning and auditing tools, especially for finding outdated antivirus files on desktops.

Chad Massaker, president of Carceron Systems Group LLC of Kennesaw, Ga., would like to see cleaning tools built into clients and downloaded as part of the updates.

Quick virus updates, however, are usually a user's top requirements for antivirus software vendors. Often companies employ two or more antivirus packages to make sure they get an update as soon as possible.

Dale Jackaman, director of information technology systems for Vancouver-based BC Research Inc., wants faster updates. Recently, he had to wait 24 to 48 hours for signatures for some recent worms and viruses. Jackaman employs multiple antivirus software products to address this issue.

"I've occasionally run into a situation where one will catch a particular virus where another will ignore it," Jackaman said. He's also seen compatibility issues between operating systems and different packages.

Antivirus software vendors also acknowledge the urgency of coming up with a signature file as soon as possible. Trend Micro's program, for example, gives customers a guaranteed response time when submitting a suspicious file.

Program participants get a tested pattern file within two hours of submitting a suspicious file, said Bob Hansmann, Trend Micro's enterprise product manager. They will also get an immediate judgment about whether the file is a virus.

The program is available to customers with upper-level support contracts. "Gold" customers get $1,000 if the deadline is missed. "Platinum" customers get $2,000. "Diamond" customers receive $3,000.

In contrast, rival vendors Sophos and McAfee don't offer such a service. Generally, antivirus companies get signatures out quickly without charging extra, said Ryan McGee, director of product marketing for McAfee, a division of Santa Clara, Calif.-based Network Associates Inc. "We focus on quality, not purely on speed," he said.

McAfee uses submissions from its significant install base to help find new viruses and worms. Its Web-based interface, WebImmune, evaluates submissions for known viruses and pieces of virus code. If submissions are new viruses then in many cases, it can even generate updates. About 40% of submissions are handled by this system, McGee said.

Abingdon, England-based antivirus software vendor Sophos also draws upon its install base to keep on top of new viruses and worms. The company even keeps tabs on what people are searching for on its Web site as an indicator of viral activity.

The company says that its antivirus-only business distinguishes it from other vendors. "We only do antivirus," said Chris Wraight, technology consultant at antivirus vendor Sophos. "People ask us about appliances and gateways, but we partner on those."

The company also doesn't sell to home users, so all update servers and telephone support lines are only for business customers. Other vendors' support lines may be clogged during an outbreak by home users calling in. "That doesn't fly [with business customers]," Wraight said.

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.