Tech Industry

Some say antivirus alerts jump the gun

Some industry experts say that companies issuing virus alerts could be sounding premature alarms for bugs that might not pack much of a punch.

In the wake of a destructive virus that attacked companies around the world, many security companies are taking care to be well prepared to catch the next virulent bug.

Yet some industry experts fear these companies could be sounding premature alarms for bugs that might not pack much of a punch.

Though virus warnings are aimed at consumer protection, some security specialists say that companies could be tempted to hype innocuous viruses. That is because even though viruses are bad news for most corporations and consumers, they tend to boost the profiles of companies that specialize in security software.

For instance, after news of the fast-spreading "I Love You" virus broke May 4, shares of Computer Associates, McAfee and Network Computers surged.

"There is no question that the potential for a conflict of interest is there," said security expert Richard Smith. "It creates more sales for the antivirus software companies. It's just like an alarm company publicizing the possibility of break-ins: It helps them sell more alarm systems."

Fear of new and more potent viruses is running high in the wake of the debilitating "Love" bug, which brought businesses to a halt and caused potentially billions of dollars in damages from lost data, productivity and efforts to eradicate it.

Some viruses bark more than they bite, however.

Smith cited as an example the "Bubbleboy" virus, which first appeared in October. Accounts of its crippling nature didn't wind up posing a serious threat to the Internet community, Smith said.

Another overhyped scenario involved the numerous warnings surrounding Y2K viruses that never materialized. "It turned out that all the virus writers were out celebrating just like everybody else," Smith said.

Virus Alert
Name: Win32/SouthPark worm

What it does: Can overload email servers; once computer is rebooted, can overload the hard drive.

Means of transmission: Email; uses Microsoft Outlook.

How to recognize: Arrives in email with "Servus Alter" (German for "Hey Dude"). The message is in German, translating to "here is the game that you desperately wanted."

Who is at risk: Any Windows 95 or 98 users.

More recently, Computer Associates yesterday warned of a new worm spreading through email disguised as a "South Park" game. The company described the worm as "dangerous" and touted its antivirus software for ridding the infection.

But many other security companies downplayed the threat, saying that it appeared to be more of a nuisance than a menace.

The South Park virus shows up in email under the header "Servus Alter!" ("Hey Dude" in German), then gains access to a person's email address book and duplicates itself. The virus does not destroy or override files. Once a person reboots, however, it crams up the hard drive, making the system inoperable.

Though the South Park virus can cause damage, few computers have been infected, leaving many experts to believe that a warning was not warranted.

Dan Schrader, chief security analyst at Trend Micro, said his firm was monitoring the South Park situation, but that experts there were not overly concerned. "We didn't feel it was worthy of an alert," he said.

Piers McMahon, security business manager at Computer Associates, said the company received about a dozen complaints, mostly from people living in German-speaking countries.

McMahon said Computer Associates submitted the warning "because it's important to bring to people's attention. It may only be affecting German-speaking countries, but the Internet is not Anglo-Saxon-centric."

He also said that the virus, see CNET Software: Protect yourself from a virus attackthough not as malignant as last week's I Love You and all its mutations, still "makes systems unusable; it's not just a chain mail."

Other experts say that not all information about new computer viruses is beneficial, however, and that companies ought to use some discretion.

"I don't think it does any good to overhype the ones that aren't that bad; otherwise we'll end up looking like the boy who cried wolf," said Steve Gottwals of F-Secure in San Jose, Calif. "We usually classify them as they come through."