Virus problem grows in 2001

Corporations were hit with a monthly average of 113 virus infections for every 1,000 computers they owned in 2001, according to the seventh annual survey of virus prevalence in the enterprise conducted by ICSA Labs, a division of security services firm TruSecure Corp.

“Every year it seems like the percentage of coverage (of antivirus tools) gets better, and every year it seems like the virus problem gets worse,” said Larry Bridwell, content security programs manager at the ICSA Labs on a conference call held Thursday to discuss the results of the survey.

The survey took place over the course of twenty months from January 2000 to August 2001, and surveyed 300 companies which each had at least 500 PCs, two local area networks and two remote workers. The survey focused primarily on machines running on Intel Corp. chips with Microsoft Corp. operating systems.

Over the course of the survey, 666,327 desktop PCs and workstations were infected with viruses, along with 26,492 file or print servers, Bridwell said. Those figures translate to the 113 infections per 1,000 PCs per month figure, he said. The majority of the viruses spread through e-mail, Bridwell said, noting that mass mailers accounted for around 80 percent of the viruses identified in the survey.

The most common effect of a virus infection, reported by 70 per cent of respondents, was rendering a PC unavailable to the user, the study found. Sixty-nine per cent of respondents said that viruses had cost productivity, while 37 per cent reported loss of data due to viruses.

Twenty-eight to thirty per cent of respondents said they had experienced a virus disaster, defined by ICSA as any event in which a single virus infects more than 25 machines, files or pieces of storage media in roughly the same time. That figure was slightly down from previous surveys, Bridwell said.

And the virus picture doesn’t look to brighten much in the future, he said.

“The virus problem continues to worsen,” Bridwell said, adding that the likelihood of disasters will also increase as more worms like Code Red and Nimda, which spread through multiple methods, are released.

Because the problem will get worse, “there’s going to be an increase in protection and recovery costs,” he said.

Bridwell did identify a number of steps that companies can take to avoid these pitfalls. Network perimeter protection, desktop antivirus and good policy development and enforcement are all key, he said.

“Perimeter protection can arguably be one of the most important assets in the corporate security strategy,” he said. But “perimeter protection is not a replacement for desktop and server protection.”

Perimeter protection involves scanning for viruses as they enter the corporate network from the public Internet.

“The value of desktop protection can’t be overemphasized,” he said.

Bridwell also urged companies to filter attachments, especially those with files types that are frequently used in viruses, such as .exe., .vbs. and .pif, and to subscribe to a security alert service to receive early warnings of possible trouble.

ICSA Labs can be contacted through TruSecure, in Herndon, Va., at