David Perry lives and breathes computer viruses.
For the last ten years he has caught them, taken them to bits and studied them, broadcast across the world about what he has found, and addressed countless conferences. He works for a major antivirus firm, Trend Micro, and in his time has worked for other big names in the virus war including McAfee and Symantec.
So, as you'd expect, he's the kind of guy who takes these malicious bits of computer code pretty seriously. So seriously, in fact, he worries about the day when some creaking system in a hospital ward gets infected and crashes, endangering some vital piece of life support equipment. "I really believe that in the future someone could die as a result of a virus," he told me yesterday.
All of which made Perry's comments to a specialist meeting earlier this week extremely puzzling. Perry was in Munich for the 10th annual conference of the European Institute for Antivirus Research, and he delivered a paper and speech which had the virus community abuzz.
For, instead of talking (for instance) about the dangers of Microsoft Outlook and visual basic - two tools of choice for today's easily assembled computer virus - he talked of "a growing problem, and one not addressable by conventional engineering the problem of ignorance, of mistaken or misinformed action."
His worry? That there is a growing gap between real viruses and the surrounding mythology. That, increasingly, the real virus is the hype.
A perfect example he cites was the Anna Kournikova outbreak of last month. Just in time for Valentines Day, a very simple virus created using a simple toolkit spread across the net. Victims - expecting a titillating picture of tennis star Kournikova - clicked on an executable file, which then used the users address book to mail copies of itself to all the names in it.
Within hours of the virus being identified by several large virus protection companies, breathless public relations people were hitting the phones. This one, they told me and several other journalists, was as big as the Love Bug outbreak of the previous year, spreading fast and threatening to bring the world's email to a crashing halt.
It did nothing of the kind, of course, but thanks to the efficient work of the public relations folk the virus still served some kind of purpose. The virus protection businesses quoted in the resultant press got a little boost, and lots of computer users were left worried about their machines being invaded.
Perry, a former help desk staffer, knows only too well what happens next. A deep suspicion is born; of the internet, of email, of computers themselves. Users panic, reformatting drives and wasting vast amounts of time recovering from their own blunders, even when they never had a virus.
The hype machine, says Perry, talks up the danger out there. Symantec, makers of Norton Anti-Virus, boasts on its webpage today that its software covers you against 48,816 viruses. What they don't mention is that only 800 viruses have ever infected a computer anywhere, and that only around 200 (including this week's fave, the "Naked Wife" virus) are doing the rounds at the moment.
"All the others are kept under lock and key at the antivirus companies themselves," Perry told me. "Most virus writers fear breaking the law by releasing their code into the wild, so they email it directly to the antivirus companies asking 'is this dangerous?' We say 'oh, yes, it's dangerous', and then lock it away."
It is said boxers never see the punch that gets them. Similarly, the deadly virus that creeps into vital hospital systems, without the aid of a headline-grabbing naked wife or a Kournikova, could be the one that causes the tragedy he dreads.
It's time to calm the hype down and get real, says Perry, before his industry cries "wolf" one too many times.
£149#; Discuss this and the week's other IT stories tomorrow at the Guardian talk boards at www.theguardian.com, with online deputy editor Neil McIntosh. You can post your questions now, or join in live from 1pm.
Useful links
Symantec
