BBC Tuesday, 24 April, 2001, 15:03 GMT 16:03 UK

System to combat e-mail viruses

E-mail viruses can spread rapidly Britain's Ministry of Defence says it has come up with the answer to computer viruses that travel by e-mail.

Researchers working for the MoD have developed an early warning system that they say should stop malicious programs hijacking e-mail software and using it to spread themselves to more victims.

Over the last 18 months a succession of e-mail viruses have wrought havoc around the world as they jammed mailboxes and clogged corporate networks.

But experts say the novel protection system will only make a small difference as it only takes one person in an unprotected organisation to spread a virus to thousands of other people.

Since the Melissa computer virus struck in March 1999, businesses and individuals around the world have been regularly hit by a novel strain of computer virus that exploits the weaknesses of Microsoft's popular Outlook e-mail program.

Many versions of this software allow workable programs to be attached to messages that are activated whenever the e-mail carrying them is opened.

Love Bug

Many of the viruses prey on the frailties of human psychology to ensure that people open the booby-trapped messages.

The most successful of these novel virus programs, called the Love Bug, masqueraded as a love letter and tricked thousands of people into opening it and unleashing an attached program that raided their address book and mailed a copy of itself to everyone found there.

After Melissa and the Love Bug came other variants such as the Kournikova virus and the Naked Wife virus - all of which tried to spread by tricking people into opening them

The latest version of these sorts of viruses is called Matcher and promises to find a love match for anyone opening it.

Now researchers at the Defence Evaluation Research Agency claim to have found a way to defeat these viruses and stop people unwittingly passing on infected e-mail.

Instead of catching viruses before they strike the MoD software, known as ::Mail, acts after infection.

The software displays a warning box whenever anyone sends any e-mail telling the sender who they the recipient is and asking them to confirm that they want to despatch the mail.

The hope is that a user's suspicions will be aroused when these warning boxes start to appear because Outlook has been infected and is sending messages without the help of its owner.

'Click fatigue'

But experts say that the MoD approach is nothing new and could end up annoying users rather than helping with security.

Eric Chien, chief researcher at the Symantec Anti-Virus Centre in the Netherlands, said these type of "behaviour blocker" programs had been around for years.

"The problem with this sort of software is that you are still asking users to respond to the question," he said.

Many e-mail viruses like the Love Bug spread so quickly because users clicked on things they were not supposed to, and there is no guarantee that they will be able to discriminate between messages they want to send and those generated by a virus.

In the past the blocking programs had given rise to "click fatigue" and annoyed users who found they had to reassure their computer every time they want to do something.

Often people ended up ignoring the words in the warning box and hitting "yes" simply to clear their screen.

Scanners

"Virus protection is a trade-off between security and functionality," said Mr Chien.

"We know from consumer research that people are usually reluctant to use these methods to stop viruses spreading."

The MoD technology is only the latest in a series of anti-virus protection systems developed for the PC.

Many companies employ virus scanners on servers which inspect files travelling across networks for the tell-tale signatures of computer viruses.

In a bid to stop novel viruses, others use software that look within files for code that resembles, rather than matches, that found in known viruses.

Last year Microsoft released a patch for its popular Outlook e-mail program that closed many of the loopholes that many e-mail viruses exploit.

Viruses like Melissa and the Love Bug are known as Trojans because, like the legendary wooden horse, they conceal a dangerous payload inside an innocuous package.

-- Anonymous, April 24, 2001