Symantec and NAI slammed for Y2K virus hype

September 17, 1999 Sophos Press Release

Sophos has criticised Symantec and Network Associates (NAI) for virus scare-mongering in the run-up to the Millennium. With many businesses deeply concerned about Y2K, confusing statements from anti-virus companies trivialise the virus issue and damage the credibility of the industry as a whole.

In a recent interview, the chief researcher at Symantec Anti-Virus Research Center was reported as saying there might be 200,000 new viruses written especially for the Millennium. Meanwhile, Network Associates has set up a website warning of virus "threats" which, according to Sophos are not in the wild, and are never likely to be.

"Predictions of this type are unhelpful," said Graham Cluley, senior technology consultant at Sophos. "We are surprised to see anti-virus companies trying to capitalise on Y2K worries. The anti-virus problem is a day-to-day security issue and attempts to weave it into Y2K concerns damage the credibility of the entire anti-virus industry."

Sophos researchers point out that any virus is guilty of unauthorised modification of a computer system (a crime in many countries). Focusing only on viruses which target specific dates gives a false sense of security.

At the Virus Bulletin conference in Canada next month, Graham Cluley will be presenting a paper entitled "Is there a Y2K virus problem?". Paul Ducklin, head of research at Sophos, will be talking on "Counting Viruses", explaining why predicting virus numbers is an inaccurate measure of the threat.