Bugwatch: All hail the virus researcher

In praise of unsung antivirus heroes

Written by Mike Small

This week Mike Small, security vice president of eTrust R&D at Computer Associates, praises the unsung heroes of the antivirus world: virus researchers.

Over recent months, high-profile computer viruses such as SoBig and Blaster have hogged the spotlight.


We know what these viruses do, but not how they are stopped.

Within the security industry a group of people known as virus researchers catalogue and study computer viruses and the weaknesses they exploit.

They keep copies of all known viruses for study in a safe environment known as a 'virus zoo'.

When a new virus appears in the wild, the first people to notice it are users who are infected. If the security policy of such users is adequate, they will send the suspicious files to their antivirus software provider.

Enter our heroes. The virus researchers pick up the supposedly infected file to find out whether it contains a virus and, if so, whether it is a new one.

Viruses spread rapidly and come from many different sources, so the researchers have a lot of potential risks to assess.

In an average week Computer Associates receives around 35,000 suspect files by email. Investigating all these files manually would be very time consuming and labour intensive. So an element of automation has to be brought to the process.

We use artificial intelligence software that studies each file to look for threats. It compares the file with known viruses, and runs it in various environments to see if it reproduces.

This has proved very effective at identifying infected files and viruses. On average, of the 35,000 files received, the software identifies more than 33,500 as being either known viruses or clean. This dramatically reduces work and allows the researchers to focus on problem areas.

However, there are still 1,500 files to be manually examined. The virus researchers look at these unknown files to see if they really contain a new virus. If they do, it's important to understand in detail how it operates, and therefore how to block it.
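The triage funnel described above, as an added example that is not Computer Associates' system: each suspect file is compared against known-virus and known-clean hashes, then against family byte signatures, and anything unmatched is routed to the manual queue. The sample files, hashes and signatures are all constructed for the example.

```python
import hashlib

# Constructed sample corpus (file name -> bytes). None of this is real malware.
SUSPECT_FILES = {
    "invoice.exe": b"MZ\x90\x00" + b"SAMPLE-KNOWN-BAD-A" + b"\x00" * 16,
    "readme.txt": b"Quarterly report, nothing to see here.\n",
    "loader.scr": b"MZ\x90\x00" + b"\x90" * 8 + b"REPLICATE:self" + b"\x00" * 4,
    "setup.exe": b"MZ\x90\x00" + b"\x01\x02\x03\x04" * 8,
}

# Constructed signature database, derived from the samples above for the demo.
KNOWN_BAD_HASHES = {hashlib.sha256(SUSPECT_FILES["invoice.exe"]).hexdigest()}
KNOWN_CLEAN_HASHES = {hashlib.sha256(SUSPECT_FILES["readme.txt"]).hexdigest()}
# Byte patterns standing in for per-family detection signatures (hypothetical).
FAMILY_SIGNATURES = {"TestFamily.A": b"REPLICATE:self"}


def triage(files):
    """Classify each file as known_virus, clean, or manual_review with a reason."""
    verdicts = {}
    for name, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        if digest in KNOWN_BAD_HASHES:
            verdicts[name] = ("known_virus", "hash match")
            continue
        if digest in KNOWN_CLEAN_HASHES:
            verdicts[name] = ("clean", "hash match")
            continue
        # Exact hash missed: fall back to family signature scan.
        family = next((f for f, sig in FAMILY_SIGNATURES.items() if sig in data), None)
        if family is not None:
            verdicts[name] = ("known_virus", "signature " + family)
            continue
        # Nothing automated could decide: hand it to a researcher.
        verdicts[name] = ("manual_review", "no match")
    return verdicts


def summarize(verdicts):
    """Count verdicts so the size of the manual queue is visible at a glance."""
    counts = {}
    for verdict, _reason in verdicts.values():
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SUSPECT_FILES)
    for name, (verdict, reason) in results.items():
        print(f"{name:12} {verdict:14} ({reason})")
    print(summarize(results))
```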

The researchers work to a series of priorities, the first of which is to stop the virus replicating. The next step is to find a cure and extinguish the virus, restoring the infected computer back to its original state.

They will publish the virus signature and cure once they have found them, which is usually within a matter of hours.

Then comes a frequently forgotten step of the process: keeping customers informed of progress so that they can take evasive action to isolate the virus.

Once the antivirus update has been published, the next problem is for customers to deploy the cure. This is the most critical phase, as the longer deployment takes, the greater the risk.

For this reason it is important that antivirus software provides protection quickly and reliably - another skill the virus researcher has to possess.

Businesses globally have come to depend upon these unsung heroes working behind the scenes and around the clock.

Maybe it's time we gave them a little more thought.
