Bug Watch: All quiet on the virus front?

This week's expert, Mikko Hypponen, manager of antivirus research at F-Secure Corporation's antivirus team, looks at the theories behind the eerie silence in the antivirus world.

The first half of 2002 has been eerily quiet for the computer experts on the lookout for worms and viruses.

Is it because antivirus measures are effective, or have their predictions of doom been over hyped? Is it too early to claim victory and determine winners and losers, and will it simply lead to complacency?

Theories on the decline range from the introduction of enhanced antivirus software, to stiffer anti-hacking laws and more vigilant computer users.

Last year, security experts calculated that the Code Red, Nimda and SirCam worms caused billions of dollars worth of damage, knocking out computer networks for days and forcing companies to scramble for fixes to prevent recurring attacks.

But in 2002 with the exception of Klez, a persistent email worm making the rounds since earlier this summer, there's been little cause for alarm; and it's already September.

In 2001 F-Secure issued nine 'level one' virus warnings, a label it uses to signify the most damaging outbreaks. This year the number is zero and the company is only detecting 600 to 700 new virus types per month, nearly half as many as a year ago.

Earlier this year, I issued a release in which I said: "Klez is the biggest case of the year and that's it. That's a big surprise to us and to everybody else in the antivirus community." And it still is.

The lull in hacking and virus writing has also caught the attention of US federal agents.

Marcus Sachs, a spokesman for infrastructure protection at the US Office of Cyberspace Security, spoke at the DefCon hacker conference in Las Vegas and said that this is an encouraging, if puzzling, development.

"Have we seen a change in the mindset of the hacking community? Or patriotism? Or are we doing a better job in getting the word out about vulnerabilities and patching systems?" he asked.

Certainly, corporations are taking extra steps to shore up their computer networks; a development which the antivirus community points to as a big victory, and they have limited employees' email freedoms.

Also, newer versions of antivirus software are particularly effective against the more rudimentary worms and viruses using a common computer code exploited by young virus writers, known in the industry as 'script kiddies'.

The decline in cyber-crime has also been attributed to new laws. The US Patriot Act, enacted shortly after 11 September, and the Cyber-security Enhancement Act call for a maximum prison term ranging from 10 years to life for hacking and virus writing offences.