In The Anti-Virus Trenches: Interview With Joe Wells
Joe Wells, founder of the WildList and a key player in the antivirus community, speaks out on the growing complexity of viruses, what companies are still doing wrong and what threats to expect in the future.
Wells has devoted most of his career to antivirus efforts. He has been battling malicious code for about 22 years now, writing his first security software -- a virus/Trojan detector -- in 1988. But he's most well-known for starting the WildList Organization International, which publishes the monthly WildList, a cooperative antivirus report. Antivirus experts around the world work jointly on the project, which is widely considered to be the foremost report of what viruses are loose 'in the wild,' meaning they're spreading, infecting systems and causing damage.
While Wells is no longer actively publishing the report himself these days -- he's still one of the many contributors -- he continues battling viruses on a daily basis. As the new chief antivirus architect for Fortinet, Inc., a Santa Clara, Calif.-based network security company, Wells talks about the topic that has gone from being a simple hobby to a professional passion in his life.
Q: What is it about viruses that still compels you to devote so much of your time to fighting them?
Q: What remains intriguing about it?
It's constantly changing. The threat has evolved over the years. It's never boring. Viruses used to spread by sneaker net -- very slow. Today, it only takes a few minutes. The actual nature of the threat itself has grown exponentially. It's moving ahead at a staggering rate.
Q: Are we about to deal with a new level of viruses -- more sophisticated, more dangerous?
We're about to see a whole new level. We're very much expecting cross-platform worms. There are already a couple of .Net viruses in existence. They're getting more sophisticated for a very simple reason. It used to be that people who wrote viruses used assembly languages. Today, the people who write them have access to incredibly powerful systems. It's freely available to everyone. It could be anybody who knows Visual Basic and a whole lot more people know Visual Basic than know Assembler...Statistically, most new viruses seem to be coming out of the United States right now. It's getting harder to tell where the hot zones are since it's harder to trace the viruses back to where they came from.
Q: Are the antivirus technologies keeping pace?
The industry is doing its job. They're keeping pace. It's an arms race but the antivirus writers are keeping up best they can.
Q: What new type of viruses are looming ahead?
The complexity of the Win32 viruses and worms. If you look at the most recent WildList, it's primarily Win32 type viruses. They're being developed in sophisticated environments like C++ and Visual Basic. This is the trend that will probably continue. These are the ones that will be polymorphic, making them harder to detect. It makes more work for the antivirus industry.
Q: What new antivirus technology are you the most excited about?
Viruses come via email. It's critical not to let them into the enterprise to spread. Gateway products are going to be key. Any single entry point, like a firewall to protect your enterprise from the outside world, is the gate to your city. That's where you have to put your security.
Q: What are companies not doing, but should be doing, to protect themselves from viruses?
Only 85% of all corporations have antivirus software in place. It's amazing to me that people don't have antivirus software. And even when they have it, it goes out of date so quickly. They need to update their products. It needs to be an automated thing at this point. It should be a normal cost of doing business.
Q: If you could give one piece of advice to security and network administrators what would it be?
Guard the gate. Whatever else you do in your enterprise, stop as much as you can before it gets in. Some companies have email scans in place, but they have users who have personal email on the Web. They go up and get their personal email, click on the attachment and it affects the system inside the corporation. It's a hole at the gateway. You can't just check mail.
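The point Wells makes in the last two answers is that a single scan on the mail server is not "guarding the gate" if files can also arrive through webmail in the browser. The script below is an added illustration written for this page; it is not code from the interview, from the WildList Organization, or from Fortinet. It applies one attachment policy to two entry points: a MIME message as a mail gateway would see it, and a file fetched over HTTP as a web proxy would see it. The policy checks both the declared filename and the content's leading bytes, so an executable renamed to look like a document is still flagged. The sample message, the URL, and the magic-byte table are constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed for this example: leading bytes that identify native executables.
EXECUTABLE_MAGIC = {
    b"MZ": "PE executable",
    b"\x7fELF": "ELF executable",
}
# Constructed for this example: a minimal deny-list of executable extensions.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".vbs", ".js", ".bat", ".com"}


def classify_payload(filename, data):
    """Return a reason string if the payload should be blocked, else None.

    The name and the content are checked independently, so a renamed
    executable (e.g. an .exe delivered as 'report.pdf') is still caught.
    """
    name = filename.lower()
    for ext in BLOCKED_EXTENSIONS:
        if name.endswith(ext):
            return f"blocked extension {ext}"
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return f"content is a {kind} despite name {filename!r}"
    return None


def scan_email(raw_bytes):
    """Mail-gateway view: walk every attachment of a raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        reason = classify_payload(fname, data)
        if reason:
            findings.append((fname, reason))
    return findings


def scan_download(url, data):
    """Web-proxy view: the same policy applied to a file fetched by a browser,
    e.g. an attachment saved from a personal webmail site."""
    fname = url.rsplit("/", 1)[-1] or "unnamed"
    reason = classify_payload(fname, data)
    return [(fname, reason)] if reason else []


def build_sample_email():
    """Constructed sample: one disguised executable and one benign text file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "quarterly report"
    msg.set_content("Please see the attached report.")
    # PE header bytes with a document-looking filename.
    msg.add_attachment(b"MZ\x90\x00fake-pe-body", maintype="application",
                       subtype="octet-stream", filename="report.pdf")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    print("mail gateway:", scan_email(build_sample_email()))
    print("web proxy:", scan_download(
        "https://webmail.example.test/dl/invoice.exe", b"MZ\x90\x00"))
```

Running the block flags `report.pdf` at the mail gateway because its content is a PE executable, and flags `invoice.exe` at the proxy by extension; `notes.txt` passes. The design choice worth noting is that `classify_payload` is shared: the two entry points differ only in how the filename and bytes are obtained, which is what keeps the web path from becoming the hole Wells describes.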