From...

April 23, 1999
Web posted at: 2:52 p.m. EDT (1852 GMT)

by Stan Miastkowski

ALSO    CIH virus may hit on Monday    Sign up for the Computer Connection email service    For more computing stories

(IDG) -- Network Associates Inc., which distributes the popular McAfee VirusScan software, announced this week that its AVERT (Anti-Virus Emergency Team) will begin ranking newly discovered viruses by their relative danger: high, medium, or low risk.

The ranking should help PC users -- particularly system administrators responsible for large numbers of computers -- make sense of the flood of new virus alerts, a company spokesperson says.

Although an average of 300 new computer viruses appear each month, only a small percentage ever go into wide circulation, or "into the wild" in the parlance of computer virus researchers.

NAI says most new viruses fall into the medium risk category, but particularly nasty viruses like Melissa and CIH 1.2 (scheduled to trigger on April 26) are high risk.

The company will post the ranking of newly discovered viruses as they're reported and then analyzed by the AVERT staff on NAI's Virus Alerts Page. The rankings will also be included in virus alerts and advisories that NAI sends to registered users.

In addition, starting immediately, NAI will update virus signature files for their antivirus products on a weekly basis instead of biweekly. Updates will be available on the company's Web site as well as sent automatically to VirusScan users who have signed up for the AutoUpdate service.

MORE COMPUTING INTELLIGENCE
	IDG.net home page
PC World home page
FileWorld find free software fast
Make your PC work harder with these tips
Reviews & in-depth info at IDG.net
		IDG.net's desktop PC page
		IDG.net's portable PC page
IDG.net's Windows software page
IDG.net's personal news page
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletter for computer geniuses (& newbies)
Search IDG.net in 12 languages
News Radio
	Fusion audio primers
	Computerworld Minute

Rival response

Symantec, maker of the top-selling Norton AntiVirus package (which won Best Buy for the past two years in PC World's antivirus software roundup; see "Virucide!" link below), says it takes a more conservative approach to virus alerts.

Carey Nachenberg, chief researcher for the Symantec AntiVirus Research Center, says Symantec is "very careful" to only post virus alerts for those that are "genuine threats." It also provides users with detailed information on how the viruses work, as well as information on whether the threat is mainly to individual users (like CIH 1.2) or to corporate networks (Melissa).

Symantec also been providing weekly updates to virus signature files for the last eight months.

Aim for risk reduction

Roger Thompson, technical director of Malicious Code Research for the ICSA, which certifies antivirus software for its effectiveness, applauds NAI's move. The key to keeping viruses at bay is "risk reduction as opposed to risk elimination," Thompson says.

According to Thompson, some viruses that are in the wild, such as Melissa, are well worth the trouble and cost of eliminating in large corporate environments, while others, such as the relatively benign Sic "simply are not."

ICSA has also recently changed its antivirus software certification procedure to respond to high risk viruses like Melissa, giving companies only 24 hours notice that they're being added to the ICSA certification test.

Joe Wells, noted virus expert who tracks worldwide circulation of viruses in his WildList, say NAI's approach is "perfectly fine." Wells says there's a lot of hype in the field, with too many companies that make antivirus software doing a Chicken Little act for almost every virus.

Wells adds that the NAIs risk ranking will also remind users of "the two most important things to avoid viruses: Update your antivirus software, and update your antivirus software."