The speed with which US law enforcers last week tracked down Jeffrey Lee Parson, one of the alleged culprits behind the destructive computer virus MSBlaster, was heralded as a great victory in the battle against computer crime. But an investigation into antivirus software shows that there is no cause for celebration. Antivirus specialists are fighting a losing battle against malicious code like viruses and worms, reports New Scientist. The research, undertaken at Hewlett-Packard's labs in Bristol, UK, is the first to evaluate the effectiveness of antiviral software. It shows that the way we fight viruses is fundamentally flawed, because viruses spread faster than antivirus patches can be distributed. By the time the antivirus software catches up, the damage has already been done, says Hewlett-Packard researcher Matthew Williamson. Most antivirus software works by identifying unique characteristics or patterns in the computer code that makes up a virus. Once identified, this "signature" is distributed to everyone who has bought antivirus software, allowing the software to block or eradicate the malicious code. But this strategy means you have to know what the virus looks like before you can do anything about it, Williamson points out. Williamson's research, due to be presented at a conference in Toronto later in September, is the first time anyone has analysed how effective this antivirus software is. One way of doing this would be to compare how a company network protected by antivirus software fares, compared with an unprotected network. But there is an obvious problem with this approach. "Few companies would be willing to turn off their antivirus software to be part of a control group," Williamson observes. Full article here.