Anti-virus companies slam reporting procedures

By Matt Whipp

Posted on 20 Dec 2004 at 10:53

Antivirus vendors claim that in order to bring virus writers to justice, we are going to need better ways of reporting infections.

Graham Cluley, senior technology consultant for UK security specialist Sophos said that the current system effectively means you have to look around for victims after you have established that a crime has been committed: 'At the moment, what happens is that the police say "we're not interested until we catch someone", and when we catch someone we'll approach the antivirus companies and ask them whether they have any victims.

'I think that's an unnecessary pressure on the antivirus companies, to keep records of everyone who's been infected by a certain virus. And then we have to ring up our customers and say we've been approached by the police, would you like to make a statement or not, because we can't just pass this on to the police without the customer's permission.'

Natalya Kaspersky, CEO of Moscow-based antivirus vendor Kaspersky Labs said that her company had also had real experience of this problem. 'I cannot say we have had satisfactory work with the authorities. This year we are proud that we caught one virus writer. But the [fine] was something like $300.

'The problem for us is that under Russian law you need to prove the damage. But none of our customers - these were big institutions - wanted to issue a witness statement.'

She said that China, conversely, has been more active. In China there is a special antivirus police force that co-operates with the industry, members of which are visiting the company this week. 'The Chinese government really seems to care about the problem,' she said.

Part of the problem is that unless there is some mechanism to record this kind of crime, the authorities will never be aware of the scale of the problem and afford the divisions that have to deal with it the resources they need.

'We spoke to the National Hi Tech Crime Unit because some of the companies we have spoken to have said "we want to report our virus incidents", because we want to catch the people who have written these things and think that giving them information is going to be useful,' said Cluley. 'However they said for goodness sake don't try and tell your customers to report virus incidents to us because we can't handle it.'

'But for the NHTCU to get the resources they probably need to deal with real internet crime, well they're never going to get those resources until they know how big the problem is.'

'So there should be some mechanism, even if there's virtually no chance of catching these guys... these crimes should still be being recorded somewhere. And then we can decide what resources we are going to give them, what money we are going to give them to catch these guys. And sometimes when you report the virus incident, especially early on in the infections, you might be very close to the virus writer. There may be a way of getting more information.'

The NHTCU said that the Home Office recently published a report highlighting the breadth and scale of the threat, but wouldn't comment as to how this may translate into more resources being made available to combat the problem.