Seven Minutes from Catastrophe

Take precautions, or risk disaster

In the movies, virus labs are deeply scary. Scientists in environment suits peer into microscopes. Nothing gets in and nothing gets out. It's a race against time to find the cure to the latest outbreak.

It's the same thing at Sophos's Virus Lab (apart from the breathing apparatus) but instead of Ebola, they fight Netsky, Witty and Blaster. The antivirus company is based in Abingdon and their secure lab is separated from the rest of the building by a forbidding glass curtain wall and a locked door.

Inside dozens of engineers wrestle with up to 1,000 new virus variants a month. The number of strains is increasing because virus writers have released the code to some of the most destructive nasties online. You can even find them using Google. This means that anyone with a basic knowledge of programming can create their own handcrafted piece of malware.

One of the most insidious problems is the internet worm. This is a virus that spreads from computer to computer directly over the internet. You don't need to open a file, browse a website or install anything to catch one - just leave an unprotected computer connected to the net.

I saw a demonstration of the power of these vicious programs. Three computers were linked together to create a honey pot to deliberately catch an infection. The first computer was the 'sacrificial goat,' running Microsoft Windows XP but without a firewall, antivirus software or the latest updates. The second computer was a firewall to stop it infecting any other computers and the third was a database program that logged internet activity.

The computers were booted up and connected to Sophos's dirty net (the network connection that is linked to the rest of the internet without any kind of protection). Within seven minutes a worm appeared on the victim computer and started searching the internet for more computers to infect. Within 22 minutes a second worm had found us.

Once infected, your computer is wide open. They can use your computer to send spam, attack other computers or scan for credit card numbers. Sophos reckon that, without protection, you have a 90% probability of being infected within an hour.

"Many viruses spread because of the bug's in people's brain, which are much harder to disinfect," says Graham Cluley, senior technology consultant at Sophos. "People still click on attachments that promise pictures of Anna Kournikova. Viruses are an everyday problem - not just when they appear on the ten o'clock news."

He has four main recommendations:

•	Make sure your computer is up-to-date before connecting to the internet. You can do this by downloading (rather than installing) the updates from Windows Update and copying them to the new computer on a CD-ROM.
•	With so many new viruses appearing, he has set his antivirus software to check for updates every 17 minutes. Apparently, once a day isn't enough any more.
•	You need an email policy for your mail server (if you have one) that blocks any executable file. Apparently this would stop 9 out of 10 'routine' attacks. Don't let users decide what to run on their computer.
•	Ask yourself whether all your employees actually need access to the internet. Until recently, at Sophos, employees had to ask for access permission on a website-by-website basis and all downloads and attachments went through the virus labs before being released to employees.