In the past, many companies relied on desktop antivirus software to protect against malicious code, but that approach is no longer sufficient on its own, IDC senior analyst Brian Burke told NewsFactor.
Antivirus firm Trend Micro champions a different strategy: The company aims to filter viruses at the corporate gateway, stopping them before they ever reach the desktop.
And IT managers seeking to bolster their defenses against the growing plague of malware seem eager to add this tactic to their arsenal. According to Burke, gateway filtering is the "fastest-growing market for antivirus solutions."
Supporting that contention, IDC has predicted dramatic growth in the Internet gateway market -- 34 percent compounded annually between 2001 and 2006. Right now, Trend Micro leads that market with a 45 percent share, according to Burke.
Filtering at the Gateway
The theory behind gateway filtering products is that many viruses can be barred
from the workplace by monitoring the Simple Mail Transfer Protocol (SMTP),
HyperText Transfer Protocol (HTTP) and File Transfer Protocol (FTP) to filter
out malicious code, rather than depending on desktop antivirus software alone. "The
gateway is the first layer to catch that [threat]," Trend Micro product manager
Steve Quane told NewsFactor. "The goal is to risk-reduce the network."
Kevin Murry, a senior product marketing manager at Trend Micro, told
NewsFactor that SMTP is the worst offender when it comes to allowing viruses
into a networked environment. "Eighty-seven percent of viruses come in through
SMTP," he said.
Filters Vital
If a company is not planning its filtering strategy yet, it should be. According to
IDC's Burke, "Having antivirus protection at the gateway is probably one of the
most important priorities in an organization."
But Quane said gateway filtering, though necessary, is just the beginning. "We don't
think that's the full answer. [A company] should have [antivirus] capabilities everywhere." Murray agreed that companies must protect their entire network, not just a
single point.
And other factors besides technology come into play. For example, a company cannot
depend on a gateway solution if it is configured by a novice, according to Bob Toxen,
one of the original Berkeley Unix (BSD) programmers. "You absolutely have to go
with someone who is knowledgeable about doing [security] configuration," he told
NewsFactor. "Otherwise, isn't it the same as saying you need surgery and ordering
a scalpel and a book?"
What is a good rule of thumb for security spending? "Ten to 20 percent of the
budget in terms of time and manpower," Toxen said.
The Coming Plague
Will gateway filtering be effective against viruses down the road? Toxen said
methods of infection are not likely to change much. "[Crackers] have figured
out most of the techniques. None of this stuff is rocket science. TCP (transmission control protocol) and UDP (user datagram protocol) weren't designed for security."
It is the impact of future viruses that Toxen worries about. "The current set of
viruses, with the exception of Bugbear, are basically toys," he noted. "[I] think
certainly, in terms of payload, it can get worse."
Burke agreed that the worst is yet to come. "As virus writers become more
sophisticated, the payloads are going to become more viral, more destructive and
harder to detect."
And the danger will not wane as operating systems become more sophisticated.
When asked if OS vendors will ever render antivirus and security products obsolete
and unnecessary, Toxen replied, "Not in my lifetime."