Bug Watch: Each week vnunet.com asks an expert from the IT security world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week's expert is Graham Cluley, senior technology consultant at UK-based antivirus company Sophos.
Automated systems that 'push' out antivirus updates from vendors directly on to users' machines are being marketed by some of the big players in the market. There is even one plan to deliver automatic updates via satellite.
The logic sounds simple and attractive. The problem: network managers and computer users don't always remember to update their antivirus software regularly enough.
Solution: design a system so that the computers update automatically.
However, while attractive at face value, these systems have two big flaws. First, do you really want a third-party company updating the software on your network without your approval, particularly when that software (like antivirus protection) runs at a very low level at the heart of your Windows NT or Novell server operating system?
This week antivirus software proved to be a bigger problem than the viruses it was supposed to protect against when one antivirus vendor issued an update that stopped many of its customers' computers from working.
In internet newsgroups and message boards, companies told of late nights manually uninstalling antivirus software in an attempt to get their networks running again.
Antivirus programmers may play three-dimensional chess and wear purple loon pants, but they are still human - and humans sometimes make mistakes.
In this case, the antivirus company hadn't tested its DAT (virus update) files with an older version of its scanning engine - and worse, hadn't stopped its users from running the older engine with the latest DAT files.
Automatically pumping out the latest virus protection to these users meant their systems turned to treacle as an incompatibility between engine and DAT file caused chip use to rise to 100 per cent.
The second big flaw in this system is that such a solution removes the need for users to worry about updating their antivirus software and ensuring that they have the latest antivirus identities. But therein lies the biggest problem: when automatic systems remove the worry and the responsibility, complacency and absolute trust in the antivirus software follow.
The result is that users forget to practise safe computing and the next Love Bug or Melissa rips through their system before an antivirus identity can be produced by vendors. It took several hours for any of the antivirus companies to patch for the Love Bug, but following safe computing guidelines would have kept users secure.
Antivirus software only plays one part in a solid IT security solution, and suggesting that automatic updates will provide total protection against viruses and immunise networks is counter-productive. User education is the key to long-term protection.
For their part, corporate users of antivirus software should not update all their PCs automatically without first testing that the update works on a small number of PCs.
If you're a system administrator looking after virus protection in your company, take my advice. Test that your antivirus software actually works before rolling it out over your enterprise, and ensure that all your users are aware of and are practising safe computing. Otherwise your chief executive may have to deliver your P45 in person because he can no longer get into his email.
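To make the "test on a small number of PCs first" advice concrete, here is a sketch of a rollout gate that only releases a DAT update to machines whose scanning-engine version was covered by a healthy pilot machine. It is an added example, not code from the column or from any vendor; the host names, engine versions, DAT name and the 80 per cent CPU limit are constructed assumptions.

```python
from dataclasses import dataclass

CPU_LIMIT = 80.0  # assumed threshold: sustained CPU above this after the update is a failure

@dataclass(frozen=True)
class Host:
    name: str
    engine: str          # scanning-engine version installed on this machine
    pilot: bool = False  # True if the machine belongs to the small test group

@dataclass(frozen=True)
class PilotReport:
    host: str
    dat: str             # DAT update the report refers to
    cpu_percent: float   # sustained CPU use measured after applying the update
    scan_ok: bool        # the scanner still detected a harmless test file

def healthy(report):
    return report.scan_ok and report.cpu_percent < CPU_LIMIT

def plan_rollout(dat, fleet, reports):
    """Decide, per non-pilot host, whether the DAT update may be deployed."""
    by_name = {h.name: h for h in fleet}
    results = {}  # engine version -> health outcomes from pilots running that engine
    for r in reports:
        h = by_name.get(r.host)
        if h is None or not h.pilot or r.dat != dat:
            continue  # ignore reports from unknown hosts, non-pilots or other updates
        results.setdefault(h.engine, []).append(healthy(r))
    plan = {}
    for h in fleet:
        if h.pilot:
            continue
        outcome = results.get(h.engine)
        if not outcome:
            # Nobody tested this engine/DAT pairing, so do not assume it works.
            plan[h.name] = "hold: no pilot result for engine " + h.engine
        elif not all(outcome):
            plan[h.name] = "hold: pilot failed on engine " + h.engine
        else:
            plan[h.name] = "deploy"
    return plan

# Constructed sample data: the older engine pegs the CPU, one engine has no pilot.
FLEET = [Host("pilot-new", "5.1", True), Host("pilot-old", "4.9", True),
         Host("mail-01", "5.1"), Host("file-01", "4.9"), Host("legacy-01", "4.7")]
REPORTS = [PilotReport("pilot-new", "dat-0001", 12.0, True),
           PilotReport("pilot-old", "dat-0001", 100.0, True)]

if __name__ == "__main__":
    for name, decision in plan_rollout("dat-0001", FLEET, REPORTS).items():
        print(name, "->", decision)
```

The pilot group has to include every engine version still in use; an untested engine is treated the same as a failed one.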
Next edition: 17 November