Antivirus technologies need to change because they fail to limit viruses during the crucial first hours of an epidemic, experts say. MyDoom could spell the end of some security technologies. The virus, which has combined many old attack techniques into a successful package, was hardly blunted by antivirus programs during the first few hours of its exponential spread. That"s a problem, said Shlomo Touboul, chief executive of security software maker Finjan Software. "The MyDoom attack should never have propagated so far into the Internet," he said. "It is obvious that we need another layer [of software] to protect during the first hours of attack."
Despite a deep understanding of how such viruses spread, security experts seem to be at a loss at how to stop them. Popular antivirus technology is generally ineffectual against many of the attacks until an update is downloaded by the user. Moreover, even though antivirus software is the most popular security technology in use -- about 99 percent of corporations use it, according to the Computer Security Institute -- many home users still don"t use the software. "Many people don"t even have the software," said Bruce Schneier, chief technology officer for Counterpane Internet Security. "And for those that do, the first few hours of an epidemic is a race against time."
MyDoom spread through email a week ago, infecting a new computer every time an unwary user opened the attached filed containing the program. As many as 2 million computers may have been infected. The original virus was programmed to attack the SCO Group"s Web site last Sunday, while a variant is scheduled to target Microsoft on Tuesday. Email service provider MessageLabs has quarantined more than 17 million email messages in a week, said Alex Shipp, senior antivirus technologist for the company. From data captured early in the epidemic, MessageLabs says that for every Internet address with an infected PC behind it, eight emails are sent, on average, to one of the company"s customers.