ISPs look to kill viruses before they strike

New generations of viruses like Melissa or Bubbleboy multiply too quickly for individual users to keep track, companies say. The best way to control infections is to place anti-virus software into a network, companies claim, so an email can be disinfected before it reaches its destination.

"This year has seen an explosion of fast-spreading email-borne viruses, that can spread to thousands of machines in hours," said Dan Schrader, a researcher with anti-virus firm Trend Micro. "There is no way that the desktop model can protect against that."

It's an idea that is only just beginning to take off in the world of Internet service providers (ISPs)--but it comes at a time when service providers are desperately looking for ways to distinguish themselves in an increasingly competitive market.

The traditional modes of anti-virus protection are grounded in the days when consumers largely had to worry about infection from swapping floppy disks. Since most computer users didn't trade disks often, viruses spread slowly, with occasionally updated software packages sufficiently protecting most users.

But then along came the Internet, as well as a host of security holes in programs like Microsoft Outlook that virus-writers found ways to exploit. The most common viruses are now spread through email, and fast-spreading variants like Melissa can sweep across the online world in the space of a few days.

The host of new viruses means users need to update anti-virus software within hours or days of each discovery to be protected--and that's simply not realistic, analysts say. Most home users update their software every few weeks or months, at best.

By contrast, ISPs generally have technical staff on board around the clock, and are in a much better position to keep up with the latest anti-virus updates and react quickly to new outbreaks. Many ISPs are already acting as the first line of defense to filter out material that is slightly less threatening: junk email.

The strategy is still fairly new, and only a handful of ISPs have jumped on board. The Net business of local phone firm US West provides its customers with anti-virus services, as does Sprint's small-business Net division. Schrader said that Trend Micro is also working with British Telecommunications, while a few large U.S.-based ISPs are still in the preliminary stages of considering network-based anti-virus services.

To offer the service, an ISP or telephone firm will install software inside a mail server to scan incoming email for known virus codes. The model is similar to what happens at many big corporations, which maintain antivirus protections at the gateway between their own network and the Internet.

"Desktop applications, unless you update them on an extremely regular basis, don't protect you from all the viruses that are coming through the Internet," said Audrey Thompson, director of Internet product management at US West. "We can do that at the ISP level more effectively."

Many ISPs aren't convinced of the benefits of the network strategy. The enormous amount of technical work required to scan incoming email traffic and to connect to billing and directory systems just doesn't make the service worthwhile, they say.

"At the server level it would be an incredibly big job, and some people might consider it an invasion of privacy," MindSpring spokesman Ed Hansen said. "As far as I know, we're not considering that right now."

For the most part, security analysts approve of the technology, agreeing that it's easier and faster for a few thousand ISPs to protect themselves against a virus attack than it is for a few million individual users. But they warn that ISPs can't provide perfect protection, any more than desktop software can.

The fastest viruses can spread a long way in the time it takes anti-virus software firms to create antidotes, noted Elias Levy, chief technology officer of Security Focus, a company that monitors computer security problems. Anti-virus software, wherever it is installed, can still miss some malicious code or block emails that aren't actually infected, he added.

"It's a good service," Levy said. "But it might provide people with a false sense of security."