A welcome byproduct of increased national security is that the frequency and cost of computer-code viruses has dropped, says a new report from Computer Economics Inc. With cyberspace patrolled more heavily since September 11, "virus activity has been extremely low compared with prior months and years," says Michael Erbschloe, vice president of research at the Carlsbad, Calif.-based research firm, primarily because "typical virus- writers and run-of-the-mill hackers are concerned about getting caught." As of late November, the economic impact of viruses stood at $12.3 billion, compared with $17.1 billion in 2000.
Even the viruses that are unleashed appear to be wreaking less financial havoc, says Erbschloe, thanks largely to upgraded antivirus software that now automatically cleans and updates company servers after an attack. For example, the Nimda virus, launched on September 18, "was incredibly rampant," but cost companies a total of only $590 million, compared with the $8.75 billion price tag associated with the Love Bug virus in 2000, which hit before such automated cleanup was available. Goner, in early December, tallied losses of only about $5 million.
The respite from hackers could last for several years, or at least as long as terrorism stays in the headlines, predicts Erbschloe. Still, vendors continue to build stronger armor. More companies are layering their firewalls and implementing more sophisticated intrusion-detection systems that identify combinations of "seemingly innocent events that may indicate a coordinated multipoint attack," says James Goldman, professor of computer technology at Purdue University. Others are considering such extra defenses as Argus Systems Group's Pitbull, software that creates a moat around highly sensitive data. Up next, experts say, are devices that can heal themselves after an attack, such as servers IBM is developing within its Project eLiza initiative.