Sophos slams Y2K virus scare-mongering

September 24, 1999 Sophos Press Release

SYDNEY - Sophos, one of the world's leading developers of server-based, networkable anti-virus software, has criticized both Symantec and Network Associates (NAI) for virus scare-mongering in the run-up to the new Millennium.

With many businesses deeply concerned about Y2K, confusing statements from anti-virus companies trivialize the virus issue and damage the credibility of the industry as a whole, Sophos says.

In a recent interview, a research spokesman at Symantec's Anti-Virus Research Center was reported as saying there "might" be 200,000 new viruses written especially for the new Millennium. Network Associates, for its part, has established a Web site warning of virus "threats", which Sophos says are not in the wild, and are never likely to be.

"Predictions of this type are unhelpful," said Graham Cluley, senior technology consultant at Sophos's UK headquarters. "We are surprised to see prominent anti-virus companies trying to capitalize on Y2K worries. The anti-virus problem is a day-to-day security issue and attempts to weave it into Y2K concerns damage the credibility of the entire anti-virus industry."

Sophos's Australian director, Richard Baldry, is also concerned by the scare-mongering: "All major anti-virus vendors know that as more organizations install firewalls and anti-virus software, and implement enterprise-wide security programs, it's becoming harder for viruses (especially those not relying on email as a delivery mechanism) to be released into the wild."

Sophos researchers also point out that any virus is guilty of unauthorized modification of a computer system (a crime in many countries, including Australia). Focusing only on viruses which target specific dates gives a false sense of security, the company says.

At the Virus Bulletin conference in Canada next month (October 1999), Cluley will be presenting a paper entitled Millennium Madness: The Truth about Viruses and Y2K. Paul Ducklin, head of research at Sophos, will be talking on Counting Viruses, explaining why predicting virus numbers is an inaccurate measure of the threat.