Comment by Allan Dyer
It is not difficult to find reports that contradict Aladdin's conclusions, in May Messagelabs reported that Klez had become the biggest computer virus ever, Symantec report on a group of new Peer-to-Peer worms in their August newsletter, and Sophos detected and protected against 3,279 new viruses in the first six months of 2002. Messagelabs also said it intercepted more than 2 million infected messages in the first six months of 2002, double what it encountered in the same period last year.
Where is the truth? Reality is never as simple as nice, clean statistics. Messagelabs customer base has been steadily growing as more people realise the benefits of their service - they recently announced their one millionth user, so the important figure to look at in their statistics is not the total number caught, but the ratio of viruses to total emails. That has also grown, but not as fast. Sophos also said that it detected and protected against 6,127 new viruses in the first half of 2001, almost twice as many as this year. However, the number of new viruses is largely irrelevant to the threat level - most of the incidents last year were caused by a handful (Badtrans, Hybris, CodeRed, Sircam and Nimda) of viruses - less that 0.1% of the total number of new viruses. Today, the discrepancy is even more pronounced: Sophos's figures show that just one virus, Klez, accounts for 29.4% of incidents, and Messagelabs' catch for the last 24 hours show 19538 out of the 31964 viruses they stopped were Klez - that is 61%.
But this is not the whole picture either: Messagelabs' figures, because they are specialised in email services, only counts the viruses in email - there could be a massive outbreak of the Peer-to-Peer worms mentioned by Symantec, and, as long as they did not also target email, Messagelabs' statistics would show nothing. Sophos' figures only show incidents reported to them. There are no really reliable, global statistics for computer viruses and worms.
What is my view? Things are getting worse: CodeRed and Nimda showed the potential of worms, Sircam and Klez showed how bad many users are at following guidelines. The drop in the number of new viruses is unimportant, and could rapidly change (we once saw the virus total jump by 17,000+ overnight, because some idiot ran a virus generation toolkit for a very long time, and dumped the results on the anti-virus developers). However, protecting yourself and your organisation is still the same: follow sound security practices.