SYDNEY - Sophos, one of the world's leading developers of
server-based, networkable anti-virus software, has criticized both
Symantec and Network Associates (NAI) for virus scare-mongering in
the run-up to the new Millennium.
With many businesses deeply concerned about Y2K, confusing
statements from anti-virus companies trivialize the virus issue and
damage the credibility of the industry as a whole, Sophos says.
In a recent interview, a research spokesman at Symantec's
Anti-Virus Research Center was reported as saying there "might" be
200,000 new viruses written especially for the new Millennium.
Network Associates, for its part, has established a Web site
warning of virus "threats", which Sophos says are not in the wild,
and are never likely to be.
"Predictions of this type are unhelpful," said Graham Cluley,
senior technology consultant at Sophos's UK headquarters. "We are
surprised to see prominent anti-virus companies trying to
capitalize on Y2K worries. The anti-virus problem is a day-to-day
security issue and attempts to weave it into Y2K concerns damage
the credibility of the entire anti-virus industry."
Sophos's Australian director, Richard Baldry, is also concerned
by the scare-mongering: "All major anti-virus vendors know that as
more organizations install firewalls and anti-virus software, and
implement enterprise-wide security programs, it's becoming harder
for viruses (especially those not relying on email as a delivery
mechanism) to be released into the wild."
Sophos researchers also point out that any virus is guilty of
unauthorized modification of a computer system (a crime in many
countries, including Australia). Focusing only on viruses which
target specific dates gives a false sense of security, the company
says.
At the Virus Bulletin conference in Canada next month (October
1999), Cluley will be presenting a paper entitled Millennium
Madness: The Truth about Viruses and Y2K. Paul Ducklin, head of
research at Sophos, will be talking on Counting Viruses, explaining
why predicting virus numbers is an inaccurate measure of the
threat.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.