Remember when the only viruses you worried about were those hitchhiking into PCs through the floppy drive? When was the last time you used a floppy drive? Today, the single most common entry point for viruses, or, more accurately, malicious mobile code, is the e-mail in-box. Last year, the Melissa and ILOVEYOU viruses hijacked e-mail clients to skip around the world, leaving infected systems in their wake and demonstrating how dangerous open e-mail systems can be to the health and well-being of a company's tech infrastructure. And the risks of exposure will only grow. By the end of 2001, an estimated 1 billion e-mail addresses will exist worldwide, according to Eric Arnum, editor of Messaging Today (Web site). This year, between 500 billion and 2 trillion e-mails will be sent, depending on whose calculations you follow. By the first half of the year, the CERT Coordination Center, a reporting center for Internet security problems, had already received close to 9,000 incident reports -- more than one-quarter of the total reported since 1988.

Virtually unknown a few years ago, macro viruses now account for 68.8 percent of all instances of malicious mobile code, according to Vincent Weafer, director of the Symantec AntiVirus Research Center (SARC). Coming in second were VBScript viruses, at 22 percent. The next point of attack for these two types of viruses will be PDAs and other wireless devices.

Despite these threats, many administrators are reluctant to add the latest operating-system update or security patch for fear of destabilizing their carefully balanced systems. So what's a cautious company to do?