No, I don't believe that the people who sell antivirus software also write the viruses. But I do think that the days of the 'free internet' are numbered, following the latest spate of worms.

Effectively, the days where people expect to be able to scan incoming email for viruses are coming to an end. You used to be able to assume that people had a standard email client: a powerful desktop computer.

You used to have theories of virus propagation that were based on human illness. You had, above all, a belief that the internet infrastructure simply would carry the traffic. All that is ending.

A decade ago, if your computer was unlucky enough to get a virus it was probably because you left an infected floppy disk in the drive when you switched off the machine. When you switched it on again the next morning, it would boot from the infected disk. Hardly anybody used email.

The 'standard email client' idea relied on a desktop computer being what everybody had. What choice was there? Anything less powerful wouldn't have been able to cope 10 years ago.

Today, however, a pocket computer has 64MB of Ram, which would be more disk space than a standard 486-based PC could boast a decade ago. Even a mobile phone can store a week's worth of email.

The basis for virus protection a decade ago was a survey of human inoculation effectiveness. Essentially, studies showed that if 60 per cent or more of the population was vaccinated, the virus they were set to catch would be unable to spread.

It worked for computers, too. So, just as you would get measles from someone who had measles, you would get Form by swapping disks with someone who had Form.

That's gone. A virus can go around the world in an hour; one infected computer can send the infection to more machines in one day than got Form, ever. You can protect your own machine from the virus, perhaps, but the internet itself is flooded.

And the number of people who aren't protected has increased. It's a basic assumption of the economics of viruses and spam that people have up-to-date antivirus programs. They don't.

One excellent (and free) antivirus program, AVG, comes with a "recommendation that you update your virus definitions at least once a month", and is set up to check developer Grisoft's website that often.

It takes some time, knowledge, awareness and patience to change the default setting. In a world where the new virus propagates in two days, what use is that?

If you want a world where everybody updates their definitions every hour, then you have to charge. The web servers couldn't cope otherwise; you'd have to start using proxies and mirrors, which would all be the target of compromising attacks.

And the same goes for spam. Have a look at Microsoft Research's Penny Black Project at and you'll see a carefully worked out attempt to create a system where the cost of sending spam is covered by the sender. You have to spend computer cycles to get a 'ticket' to transmit mail. Even that isn't foolproof, of course.

To stop the internet choking itself to death with unsolicited email, the bulk of which is infected, the job of screening content has to be done by the internet itself. The single transmit of the first dodgy file has to be picked up by the internet service provider that is first given it to pass on.

In theory, this can be made to work. Plenty of people are selling solutions that, if universally adopted by all ISPs, would reduce the problem to a minor nuisance. But what we'd have then wouldn't be the internet.

At the moment, with minor exceptions, if you choose to send a packet over the internet, that packet will travel. There may be a firewall to bounce it back, of course, but the idea that someone will open it, check it for correctness, and record it before passing it on is unthinkable.

And a major reason, I would think, is cost; if ISPs had to install equipment to do that, the fees would have to increase.

But if the ISPs have to install the equipment to censor viruses anyway, simply to be able to cope, then the pressure to start censoring the packets for other reasons will grow.

It will start with corporate internet servers and firewalls getting bigger and more invasive. It will move into billing algorithms for spam. It will expand into traceable 'caller ID' for all packets, without which they won't be accepted.

And before you know where you're going, you'll find that there are things which are recognised as libel or illegal for some other reason, which can't be accepted.

At the moment, it can't happen. In a decade, when the typical mobile phone has the power and capacity of a mail server today, it will be automatic.

Enjoy the internet while it exists. Looking back, these days will seem like the swinging sixties.