Users' Bane Is Antivirus Market's Boom

"The recent onslaught of viruses and worms such as Blaster, Nachi, and Sobig highlight the need for antivirus products, and more importantly, the need to update services," said Brian Burke, research manager for IDC's security products division.

IDC predicted that the antivirus software business will keep booming, fueled by fears that further viruses and worms on the level of Blaster and Sobig will strike.

After growing some 31 percent in 2002 over the previous year--to revenues of $2.2 billion--IDC now forecasts that the business will get even bigger over the next five years. By 2007, antivirus solutions will carry a worldwide price tag double that of 2002: $4.4 billion.

The factors that will drive the long-term boom are primarily coming from the consumer and small business sides, said IDC, where higher-profile attacks and higher-priced monthly subscriptions to antivirus updates will combine to boost sales and revenues.

"While corporate customers have long realized that antivirus software is only as good as its last update, consumers and small businesses are realizing the necessity of subscription-based updates," said Burke.

IDC's take on the impact of Blaster and Sobig was borne out Tuesday as several antivirus firms announced their monthly lists of the most prevalent malware.

According to Moscow-based Kaspersky Labs, the Sobig virus--the most recent variation of which flooded mailboxes two weeks ago--accounted for a whopping 61 percent of all viruses and worms detected during the month of August.

Sophos, another antivirus vendor, tagged Sobig, Blaster, and Nachi as the top three on its monthly top 10 list. By Sophos' tallies, Sobig.F ranked number one for August, accounting for more than one of every three viruses or worms. Blaster was a distant second, with approximately 19 percent of the month's count.

"August 2003 will be remembered as one of the worst months in the history of computer security," said Chris Belthoff, a senior security analyst at Sophos. "Sobig.F clogged up inboxes and crippled networks with the sheer volume of email traffic. Users and companies should remain on guard and put systems in place to protect against future attacks," he said.

"Consumers and small businesses are finally recognizing that antivirus software is more of a service than a product," said IDC's Chris Christiansen, the company's vice president for security services.

The future of antivirus defenses lies in the "layered" approach that many organizations are taking, said Christiansen, who predicted that the combination of traditional, signature-based technologies and behavior-based analysis will increasingly be applied to defend against both known, and more important, unknown, attacks.

Other analysts have applied the August's lessons differently. Gartner's Arabella Hallawell, for instance, urged enterprises to do more than just rely on regularly updated antivirus software.

Viruses such as Sobig.F, which propagated using spammer-style techniques, including grabbing addresses from infected users' systems to trick additional recipients into opening the file attachment payload, mean companies should pay more attention to defending the SMTP gateway, Hallawell said.

Among her recommendations, she advised companies to subscribe to vulnerability alerts so administrators can block ports and servers as attacks are only getting off the ground; examine SMTP servers' security to insure that they can't be hijacked; and add personal firewall protection to desktops as a back-up for server-based antivirus protection.

This story courtesy of TechWeb.