Loading…
The Benefits of a Notification Process in Addressing the Worsening Computer Virus Problem: Results of a Survey and a Simulation Model
Computer viruses present an increasing risk to the integrity of information systems and the functions of a modern business enterprise. Systematic study of this problem can yield better indicators of the impact of computer viruses as well as a better understanding of strategies to reduce that impact....
Saved in:
Published in: | Computers & security 2002-01, Vol.21 (2), p.142-163 |
---|---|
Main Authors: | , , , , |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that this one cites Items that cite this one |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
cited_by | cdi_FETCH-LOGICAL-c400t-187b117d97b3aed9d230ac9cdd32b62a2ab0fa2aafb10596b8686c31e9c1a8bf3 |
---|---|
cites | cdi_FETCH-LOGICAL-c400t-187b117d97b3aed9d230ac9cdd32b62a2ab0fa2aafb10596b8686c31e9c1a8bf3 |
container_end_page | 163 |
container_issue | 2 |
container_start_page | 142 |
container_title | Computers & security |
container_volume | 21 |
creator | Aron, Joan L O’Leary, Michael Gove, Ronald A Azadegan, Shiva Schneider, M.Cristina |
description | Computer viruses present an increasing risk to the integrity of information systems and the functions of a modern business enterprise. Systematic study of this problem can yield better indicators of the impact of computer viruses as well as a better understanding of strategies to reduce that impact.
We conducted a Computer Virus Epidemiology Survey (CVES) on the World Wide Web to examine indicators of the impact of computer viruses. A major finding from the CVES is that multiple indicators of the impact of computer viruses reveal a problem growing more severe that affects large, as well as small, organizations. Another important finding is that viruses not detected despite regular updating of antiviral software caused only about 15% to 21% of virus problems reported in workgroups using antiviral software. The possible reasons for failure to detect include improper configuration of software and the inability of all known anti-virus detectors to detect. A related implication is that a substantial amount of damage due to viruses could probably have been prevented by regular updating of antiviral software.
We also used the CVES in the development of a simulation model for the spread of computer viruses in workgroups in order to analyze the effect of a notification process on control. Our major finding is that the process of notification, whether by human behaviour or by technology, substantially reduces the impact of computer viruses in workgroups. For example, if a workgroup has a period of vulnerability when only 80% of its workstations are effectively using antiviral software, then even a 50% probability of notification of a detected virus substantially reduces the burden. An added benefit of maintaining an environment with high effective antiviral software usage and high levels of notification is that greater rates of communication events that can potentially transmit computer viruses within the workgroup actually reduce the impact of computer viruses in the workgroup. Anecdotal observations also indicate that the process of notification is significant in controlling the spread of ‘new’ viruses not yet detectable by software, although the process of notification from law enforcement authorities to workgroups was not in the simulation model.
More formally, the reduced impact of computer viruses in a workgroup due to a greater rate of communication events that can potentially transmit computer viruses corresponds to a situation when a computer virus introduc |
doi_str_mv | 10.1016/S0167-4048(02)00210-9 |
format | article |
fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_207398229</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0167404802002109</els_id><sourcerecordid>114816119</sourcerecordid><originalsourceid>FETCH-LOGICAL-c400t-187b117d97b3aed9d230ac9cdd32b62a2ab0fa2aafb10596b8686c31e9c1a8bf3</originalsourceid><addsrcrecordid>eNqFUMtOwzAQtBBIlMcnIFmc4BBYO23icEFQ8ZJ4iefR8mMDRmlc7KRSP4D_JmmBK5fZHWlmVjuE7DA4YMCyw8cO8mQIQ7EHfB-AM0iKFTJgIudJxkGsksGfZJ1sxPgBwPJMiAH5enpHeoo1lq6J1JdU0VvfuNIZ1Thf0_vgDcZIXU1PrA3d6uo32nSmVx8i1j0b-8m0bTDQFxfa2Ft0hZMj-oCxrX5TH9swwzlVte2Jm7TV8sCNt1htkbVSVRG3f-YmeT4_expfJtd3F1fjk-vEDAGapHtIM5bbItepQltYnoIyhbE25TrjiisNZYeq1AxGRaZFJjKTMiwMU0KX6SbZXeZOg_9sMTbyw7eh7k5KDnlaCM6LTjRaikzwMQYs5TS4iQpzyUD2hctF4bJvUwKXi8Jl7zte-rD7YOYwyGgc1gatC2gaab37J-EbphqJbg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>207398229</pqid></control><display><type>article</type><title>The Benefits of a Notification Process in Addressing the Worsening Computer Virus Problem: Results of a Survey and a Simulation Model</title><source>ScienceDirect Journals</source><creator>Aron, Joan L ; O’Leary, Michael ; Gove, Ronald A ; Azadegan, Shiva ; Schneider, M.Cristina</creator><creatorcontrib>Aron, Joan L ; O’Leary, Michael ; Gove, Ronald A ; Azadegan, Shiva ; Schneider, M.Cristina</creatorcontrib><description>Computer viruses present an increasing risk to the integrity of information systems and the functions of a modern business enterprise. Systematic study of this problem can yield better indicators of the impact of computer viruses as well as a better understanding of strategies to reduce that impact.
We conducted a Computer Virus Epidemiology Survey (CVES) on the World Wide Web to examine indicators of the impact of computer viruses. A major finding from the CVES is that multiple indicators of the impact of computer viruses reveal a problem growing more severe that affects large, as well as small, organizations. Another important finding is that viruses not detected despite regular updating of antiviral software caused only about 15% to 21% of virus problems reported in workgroups using antiviral software. The possible reasons for failure to detect include improper configuration of software and the inability of all known anti-virus detectors to detect. A related implication is that a substantial amount of damage due to viruses could probably have been prevented by regular updating of antiviral software.
We also used the CVES in the development of a simulation model for the spread of computer viruses in workgroups in order to analyze the effect of a notification process on control. Our major finding is that the process of notification, whether by human behaviour or by technology, substantially reduces the impact of computer viruses in workgroups. For example, if a workgroup has a period of vulnerability when only 80% of its workstations are effectively using antiviral software, then even a 50% probability of notification of a detected virus substantially reduces the burden. An added benefit of maintaining an environment with high effective antiviral software usage and high levels of notification is that greater rates of communication events that can potentially transmit computer viruses within the workgroup actually reduce the impact of computer viruses in the workgroup. Anecdotal observations also indicate that the process of notification is significant in controlling the spread of ‘new’ viruses not yet detectable by software, although the process of notification from law enforcement authorities to workgroups was not in the simulation model.
More formally, the reduced impact of computer viruses in a workgroup due to a greater rate of communication events that can potentially transmit computer viruses corresponds to a situation when a computer virus introduced into the workgroup produces, on average, less than one copy in the workgroup. This threshold corresponds to the basic reproduction ratio in epidemiology that describes the spread of infectious disease.</description><identifier>ISSN: 0167-4048</identifier><identifier>EISSN: 1872-6208</identifier><identifier>DOI: 10.1016/S0167-4048(02)00210-9</identifier><identifier>CODEN: CPSEDU</identifier><language>eng</language><publisher>Amsterdam: Elsevier Ltd</publisher><subject>antiviral software ; computer virus ; Computer viruses ; Cybersecurity ; notification process ; Polls & surveys ; Simulation ; simulation model ; Software ; survey</subject><ispartof>Computers & security, 2002-01, Vol.21 (2), p.142-163</ispartof><rights>2002 Elsevier Science Ltd</rights><rights>Copyright Elsevier Sequoia S.A. 2002</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c400t-187b117d97b3aed9d230ac9cdd32b62a2ab0fa2aafb10596b8686c31e9c1a8bf3</citedby><cites>FETCH-LOGICAL-c400t-187b117d97b3aed9d230ac9cdd32b62a2ab0fa2aafb10596b8686c31e9c1a8bf3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>315,786,790,27957,27958</link.rule.ids></links><search><creatorcontrib>Aron, Joan L</creatorcontrib><creatorcontrib>O’Leary, Michael</creatorcontrib><creatorcontrib>Gove, Ronald A</creatorcontrib><creatorcontrib>Azadegan, Shiva</creatorcontrib><creatorcontrib>Schneider, M.Cristina</creatorcontrib><title>The Benefits of a Notification Process in Addressing the Worsening Computer Virus Problem: Results of a Survey and a Simulation Model</title><title>Computers & security</title><description>Computer viruses present an increasing risk to the integrity of information systems and the functions of a modern business enterprise. Systematic study of this problem can yield better indicators of the impact of computer viruses as well as a better understanding of strategies to reduce that impact.
We conducted a Computer Virus Epidemiology Survey (CVES) on the World Wide Web to examine indicators of the impact of computer viruses. A major finding from the CVES is that multiple indicators of the impact of computer viruses reveal a problem growing more severe that affects large, as well as small, organizations. Another important finding is that viruses not detected despite regular updating of antiviral software caused only about 15% to 21% of virus problems reported in workgroups using antiviral software. The possible reasons for failure to detect include improper configuration of software and the inability of all known anti-virus detectors to detect. A related implication is that a substantial amount of damage due to viruses could probably have been prevented by regular updating of antiviral software.
We also used the CVES in the development of a simulation model for the spread of computer viruses in workgroups in order to analyze the effect of a notification process on control. Our major finding is that the process of notification, whether by human behaviour or by technology, substantially reduces the impact of computer viruses in workgroups. For example, if a workgroup has a period of vulnerability when only 80% of its workstations are effectively using antiviral software, then even a 50% probability of notification of a detected virus substantially reduces the burden. An added benefit of maintaining an environment with high effective antiviral software usage and high levels of notification is that greater rates of communication events that can potentially transmit computer viruses within the workgroup actually reduce the impact of computer viruses in the workgroup. Anecdotal observations also indicate that the process of notification is significant in controlling the spread of ‘new’ viruses not yet detectable by software, although the process of notification from law enforcement authorities to workgroups was not in the simulation model.
More formally, the reduced impact of computer viruses in a workgroup due to a greater rate of communication events that can potentially transmit computer viruses corresponds to a situation when a computer virus introduced into the workgroup produces, on average, less than one copy in the workgroup. This threshold corresponds to the basic reproduction ratio in epidemiology that describes the spread of infectious disease.</description><subject>antiviral software</subject><subject>computer virus</subject><subject>Computer viruses</subject><subject>Cybersecurity</subject><subject>notification process</subject><subject>Polls & surveys</subject><subject>Simulation</subject><subject>simulation model</subject><subject>Software</subject><subject>survey</subject><issn>0167-4048</issn><issn>1872-6208</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2002</creationdate><recordtype>article</recordtype><recordid>eNqFUMtOwzAQtBBIlMcnIFmc4BBYO23icEFQ8ZJ4iefR8mMDRmlc7KRSP4D_JmmBK5fZHWlmVjuE7DA4YMCyw8cO8mQIQ7EHfB-AM0iKFTJgIudJxkGsksGfZJ1sxPgBwPJMiAH5enpHeoo1lq6J1JdU0VvfuNIZ1Thf0_vgDcZIXU1PrA3d6uo32nSmVx8i1j0b-8m0bTDQFxfa2Ft0hZMj-oCxrX5TH9swwzlVte2Jm7TV8sCNt1htkbVSVRG3f-YmeT4_expfJtd3F1fjk-vEDAGapHtIM5bbItepQltYnoIyhbE25TrjiisNZYeq1AxGRaZFJjKTMiwMU0KX6SbZXeZOg_9sMTbyw7eh7k5KDnlaCM6LTjRaikzwMQYs5TS4iQpzyUD2hctF4bJvUwKXi8Jl7zte-rD7YOYwyGgc1gatC2gaab37J-EbphqJbg</recordid><startdate>20020101</startdate><enddate>20020101</enddate><creator>Aron, Joan L</creator><creator>O’Leary, Michael</creator><creator>Gove, Ronald A</creator><creator>Azadegan, Shiva</creator><creator>Schneider, M.Cristina</creator><general>Elsevier Ltd</general><general>Elsevier Sequoia S.A</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>K7.</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20020101</creationdate><title>The Benefits of a Notification Process in Addressing the Worsening Computer Virus Problem: Results of a Survey and a Simulation Model</title><author>Aron, Joan L ; O’Leary, Michael ; Gove, Ronald A ; Azadegan, Shiva ; Schneider, M.Cristina</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c400t-187b117d97b3aed9d230ac9cdd32b62a2ab0fa2aafb10596b8686c31e9c1a8bf3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2002</creationdate><topic>antiviral software</topic><topic>computer virus</topic><topic>Computer viruses</topic><topic>Cybersecurity</topic><topic>notification process</topic><topic>Polls & surveys</topic><topic>Simulation</topic><topic>simulation model</topic><topic>Software</topic><topic>survey</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Aron, Joan L</creatorcontrib><creatorcontrib>O’Leary, Michael</creatorcontrib><creatorcontrib>Gove, Ronald A</creatorcontrib><creatorcontrib>Azadegan, Shiva</creatorcontrib><creatorcontrib>Schneider, M.Cristina</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computers & security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Aron, Joan L</au><au>O’Leary, Michael</au><au>Gove, Ronald A</au><au>Azadegan, Shiva</au><au>Schneider, M.Cristina</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>The Benefits of a Notification Process in Addressing the Worsening Computer Virus Problem: Results of a Survey and a Simulation Model</atitle><jtitle>Computers & security</jtitle><date>2002-01-01</date><risdate>2002</risdate><volume>21</volume><issue>2</issue><spage>142</spage><epage>163</epage><pages>142-163</pages><issn>0167-4048</issn><eissn>1872-6208</eissn><coden>CPSEDU</coden><abstract>Computer viruses present an increasing risk to the integrity of information systems and the functions of a modern business enterprise. Systematic study of this problem can yield better indicators of the impact of computer viruses as well as a better understanding of strategies to reduce that impact.
We conducted a Computer Virus Epidemiology Survey (CVES) on the World Wide Web to examine indicators of the impact of computer viruses. A major finding from the CVES is that multiple indicators of the impact of computer viruses reveal a problem growing more severe that affects large, as well as small, organizations. Another important finding is that viruses not detected despite regular updating of antiviral software caused only about 15% to 21% of virus problems reported in workgroups using antiviral software. The possible reasons for failure to detect include improper configuration of software and the inability of all known anti-virus detectors to detect. A related implication is that a substantial amount of damage due to viruses could probably have been prevented by regular updating of antiviral software.
We also used the CVES in the development of a simulation model for the spread of computer viruses in workgroups in order to analyze the effect of a notification process on control. Our major finding is that the process of notification, whether by human behaviour or by technology, substantially reduces the impact of computer viruses in workgroups. For example, if a workgroup has a period of vulnerability when only 80% of its workstations are effectively using antiviral software, then even a 50% probability of notification of a detected virus substantially reduces the burden. An added benefit of maintaining an environment with high effective antiviral software usage and high levels of notification is that greater rates of communication events that can potentially transmit computer viruses within the workgroup actually reduce the impact of computer viruses in the workgroup. Anecdotal observations also indicate that the process of notification is significant in controlling the spread of ‘new’ viruses not yet detectable by software, although the process of notification from law enforcement authorities to workgroups was not in the simulation model.
More formally, the reduced impact of computer viruses in a workgroup due to a greater rate of communication events that can potentially transmit computer viruses corresponds to a situation when a computer virus introduced into the workgroup produces, on average, less than one copy in the workgroup. This threshold corresponds to the basic reproduction ratio in epidemiology that describes the spread of infectious disease.</abstract><cop>Amsterdam</cop><pub>Elsevier Ltd</pub><doi>10.1016/S0167-4048(02)00210-9</doi><tpages>22</tpages></addata></record> |
fulltext | fulltext |
identifier | ISSN: 0167-4048 |
ispartof | Computers & security, 2002-01, Vol.21 (2), p.142-163 |
issn | 0167-4048 1872-6208 |
language | eng |
recordid | cdi_proquest_journals_207398229 |
source | ScienceDirect Journals |
subjects | antiviral software computer virus Computer viruses Cybersecurity notification process Polls & surveys Simulation simulation model Software survey |
title | The Benefits of a Notification Process in Addressing the Worsening Computer Virus Problem: Results of a Survey and a Simulation Model |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-09-22T18%3A18%3A04IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=The%20Benefits%20of%20a%20Notification%20Process%20in%20Addressing%20the%20Worsening%20Computer%20Virus%20Problem:%20Results%20of%20a%20Survey%20and%20a%20Simulation%20Model&rft.jtitle=Computers%20&%20security&rft.au=Aron,%20Joan%20L&rft.date=2002-01-01&rft.volume=21&rft.issue=2&rft.spage=142&rft.epage=163&rft.pages=142-163&rft.issn=0167-4048&rft.eissn=1872-6208&rft.coden=CPSEDU&rft_id=info:doi/10.1016/S0167-4048(02)00210-9&rft_dat=%3Cproquest_cross%3E114816119%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c400t-187b117d97b3aed9d230ac9cdd32b62a2ab0fa2aafb10596b8686c31e9c1a8bf3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=207398229&rft_id=info:pmid/&rfr_iscdi=true |