If an attack can happen to software monolith Microsoft, it can happen to anyone. Microsoft was hit with two 'denial-of-service' attacks last week, when its system was subjected to so many information requests that general traffic was halted and some of its Web sites made inaccessible. A spokesman said its sites were soon running again, it had notified the FBI and was taking steps to further protect customers. Asian companies have been more isolated than those in North America from sensational computer attacks that often left behind nasty viruses, violated information, contemptuous Web messages and red-faced officials. That was until the region began linking to the Web and expanding into e-commerce. Now Asian firms, which lag behind the United States by up to three years in security development, eventually could find themselves the targets of increasingly sophisticated attacks, experts say. Security analysts said the best defence was to install a protection policy and system, and for technology personnel to stay abreast of the changing landscape. If a system had been violated, there were ways of assessing and repairing the harm before fortifying the defences. The first step was to identify the extent of the damage before treating the wound. Viruses are the most common attacks. Many viruses were sent unwittingly via e-mail, said Paul Jackson, of the computer security unit of the Hong Kong Police. Thomas Lee, a senior security consultant at Unisys China/ Hongkong, said the best way to deal with viruses was to sever connections with outside systems. That allowed technology staff to scan information systems and servers to determine how widely the infection had spread. Technology director at KPMG Hong Kong James Pang said companies often could find patches on the Internet and download a program to fix the situation. After the patch was applied, tech staff could set up or improve security policy, Mr Lee added. Abby Tang, an engineering manager at Network Associates, said if company information was stolen or damaged the firms needed to take a close look at firewalls. If there was no suspicious activity, it was most likely to have been the work of an insider. Mr Jackson said the police also could press charges against employees who stole information and broke the law - but only if companies set up systems with barriers between departments. Attacks from insiders and vandals were becoming increasingly complex, US security expert Ron Gula said. 'There are attacks that defeat firewall and intrusion-detection systems,' he said. Mr Gula, vice-president of intrusion-detection solutions at Enterasys Networks, said malicious intruders could obscure their activities, and modify their weapons to include viruses. 'An attacker can change his attack on you any time he wants to.' As far as he could recall in his 10 years of experience, every one of his customers was besieged by an insider, with motives ranging from stupidity to a lack of morals. David Chang, regional security manager at Datacraft Asia, said attacks were changing so quickly that even protection systems struggled to keep up. He said that in one case Datacraft received a call from a senior manager at an Asian media company who had received an e-mail with a file request from a name that resembled that of the company president. The senior manager dutifully responded, sending the file to someone who had violated the system. Mr Chang also said denial-of-service attacks could not be halted, but once they started, tech staff could restart service by bypassing the besieged system. Mr Jackson said computer-related crimes in Hong Kong tended to be more 'conventional' than dramatic. 'There have not been a lot of break-ins of Web sites because there is not a lot of e-commerce here,' he said.