Mark Sunner

Bugwatch: The AV software protection racket

Antivirus software vendors have built their businesses on using customers as sacrificial lambs

Written by Mark Sunner, vnunet.com

This week Mark Sunner, chief technology officer at email security company MessageLabs, questions the quality of service offered by AV vendors.

Once upon a time email viruses were a breed of lesser-spotted bacteria that only appeared on special occasions. They could be found in remote crevices, their favoured habitat being the warm confines of a floppy disk.

And when they did rear their heads, you could feel confident that your antivirus (AV) vendor would already have the problem sewn up.

Like all good IT managers, you ran your monthly AV update and, as far as you were concerned, you were protected, belt and braces.

This is essentially how things continued until the vehicle of virus transport upgraded from floppy disk to that great leveller: the internet.

The advent of the worldwide web meant that viruses would never be the same again. Yet the method of detecting and stopping them stayed exactly the same.

Spreading fast and furiously by the power of email, viruses started finding their feet, piggybacking on files, hiding in screensavers and generally causing a lot of damage.

In May 2000 the LoveBug gave email users around the world the first real taste of things to come.

LoveBug spread more rapidly than any virus before or since - figures showed that it was detected once in every 28 emails - and caused billions of pounds' worth of damage, shutting down computer systems around the globe.

But its victims were not the only ones taken by surprise: AV vendors were caught equally unawares.

So why did LoveBug spread so prolifically when, as far as many companies were aware, they had the latest signatures in place?

Well, the goalposts had shifted. AV vendors were still chasing last week's virus spawned from an infected floppy instead of today's virus that could multiply in minutes.

Suddenly the whole software-based approach seemed less than ideal. More than that, it seemed obsolete, back-to-front, redundant.

Good people found themselves paying for a solution that failed to do what it said on the tin. And no matter how experts try to tell us differently, it still fails to do so.

So how does AV software work? What is behind those traditional AV companies that tell us to update our AV software or else?

It goes something like this. A virus writer releases one of his or her creations into the 'wild'. Assuming that the virus has any guts it will spread slowly at first and then gain momentum.

And no, the users infected at this early stage are not just the 'fly-by-the-seat-of-your-pants' types with no AV protection. They are loyal, conscientious firms that have invested time and money in protecting their network with what they thought was the latest AV software.

AV vendors are unaware of the latest virus until they are contacted by a cheated, disgruntled customer who has fallen foul of this email pest.

This customer is the nominated sacrificial lamb, the accepted loss. He is obliged to send the offending virus to his AV vendor for analysis and the development of a signature for the benefit of more fortunate customers.

It is then down to diligent IT staff to download the signature and update their software in order to stave off the latest viral threat from their technical assets.

So one customer's IT network will lie in tatters for the greater good of the customer base.

Inevitably, there is a period of time in between a virus being released and the signature being issued when IT managers can but cross their fingers and hope for the best.

This is the way it works: reactive, outmoded methods, which are at odds with the modern problem.

But the injustice does not end there. Regardless of how much money companies might spend on the latest software, it is inevitable they will be the ones taking the flak in the event of an infection.

AV vendors are experts at washing their hands of responsibility when a customer gets infected. For many AV vendors, letting viruses through to their customers is an accepted occupational hazard.

If a customer neglects to update their software regularly and is foolish enough to open an attachment from an unknown source, then it is nothing to do with them.

Of course, if a downloaded signature saves the day the story is somewhat different.

So should you be grateful for a service like this? Should you happily part with your money knowing there is a fair chance you could be infected?

On both counts I say no. When I use the word 'racket' in relation to AV vendors, I may be slightly dramatic, but not overly so.

These companies can no longer do the job they were set up to do, and they are hoping that no one will notice.

To switch tactics and tackle email viruses at their source - the internet - instead of once they have already penetrated the network boundary would be to rubbish these vendors' raison d'être, to undermine the ethics (or should I say urban myths) they have worked so hard to maintain.

The world's biggest protection racket? Not far off.

© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
