What’s missing in this virus survey?
I enjoy reading the opinions of Sophos technovangelist Graham Cluley. I can always count on him to offer a level-headed view of the virus scene from his British perch.
Yet Cluley is all too human. In this case he overlooked the obvious in his latest unscientific survey on the Downadup worm that now hogs the media spotlight. When he asked “who is most to blame” for the spread of the worm, his readers responded as follows:
- 53% blamed “the hackers, who wrote the worm in the first place”;
- 30% blamed “system administrators, for not rolling out the Microsoft security patch quickly enough”; and
- 17% blamed “Microsoft, it was their security vulnerability that allowed the worm to spread.”
My longtime readers already know what’s missing in this survey: “Antivirus software, for not detecting it in the first place.” I mean, come on — would Cluley forget “airport security guards” when asking “who is most to blame” for aircraft hijackings?
Cluley certainly knows my opinions on this topic, so I asked him by email why he didn’t include “antivirus software” as a survey choice. He slapped his forehead. “That would have been fun,” he admitted in his reply.
Cluley went on to answer my next question before I asked it. “Our proactive behavioural stuff detected [the Downadup worm] before we saw it in our labs.” Of course, my longtime readers know he made an obvious statement — Sophos has a very long history with heuristic virus detection techniques. Cluley said much the same in a column I wrote waaaaay back in the previous millennium:
“The fact is that Sophos started with this [heuristic] approach years ago before we had a virus-specific product. We had (and indeed still have) a utility called Vaccine. What we found was that customers don’t like generic anti-viruses. It’s actually the customers who have insisted on virus specific protection rather than the [antivirus] companies.”
“It’s actually the customers” who insist on using inferior antivirus software, Cluley said in the 1990s. Computer users to this day — especially the U.S. government — cling to an addictive update model that ironically helps rather than hinders the spread of Downadup and its ilk.
Society has never demanded better antivirus technology up to this point. Right now, though, I don’t think the Downadup worm will convince society to give up the addictive update model. It’ll take a global network catastrophe of some sort, and Downadup just doesn’t look like one in the making.
Yet I do believe that day will come, and my longtime readers will recall what I’ve said for years:
When society finally demands better antivirus technology, I predict the global antivirus cartel will stand up as one and shout “eureka, the state of the art has advanced, and just in the nick of time!” I’ll back the industry 110% when their marketers lie to [society] about the “sudden” technological advancement in antivirus software…