Cupertino, CA - Tom Smith, Vice President, McAfee Security Response
announced "the next generation of security software," with
VirusTagging added to its Anti-Virus software. Both the corporate
and home editions of the software will incorporate the new technology.
Also existing "Scan and Deliver," users will be able
to "Tag and Release" viruses placed in Quarantine. This
places a unique tag in the virus's code, and then releases the virus,
usually by sending an e-mail to a randomly chosen person in the users
Outlook address book.
After the virus has been tagged and released, the program sends
the information to McAfee Security Response. Smith stressed that
no personally identifiable information was transmitted, only the
tag, virus data, and key statistics about the system, such as operating
system and applied security patches. The "Tag and Release" option
would be enabled by default, but could easily be switched off.
"The interesting part is when we find a virus that already
has a tag," continued Smith. "Then we can find out what
he's been up to."
In biology and statistics, the technique is known as "capture
- recapture," and is often used to discover the size of a population,
for example a species of animal in a particular region. In many ways
the virus hunter's job resembles that of the biologist- computer
viruses are constantly moving, reproducing, and dying. Hackers could
fake tags, or they could be lost. However in other ways their job
may be easier, in that tagged viruses are no more or less likely
to be caught than others.
So what is wrong with the old-fashioned way of simply removing
viruses when they are found? Nothing, said Smith, "but that
only solves the problem for a single user, on one computer, with
one virus." By identifying how various 'breeds' of viruses spread,
it could be determined which reasons contribute to the relative 'success'
of certain computer viruses. Smith mentioned operating systems and
network topologies as key point of interest, but stressed that this
would be a long-term effort.
ZDNet's Frank Simpson said the idea had some merit, but added the
technology is still untested. "Also, it's not a given that consumers
will benefit from this," said Simpson. "Let's say Symantec
comes up with their own tagging technology. What happens if your
Symantec Anti-Virus finds a McAfee-tagged virus? Does it add it's
own tag? In that case these viruses are going to grow real fast.
Does it remove the competing tag? Hello lawsuit. This could be the
browser wars again, only bigger."
Story to a Friend