In light of the quantity of malicious code crawling across the Web, security software vendors are devising new methods to protect PCs. But industry observers say the problem won’t be solved by technology alone.
“We can have all sorts of new antivirus or IDS (intrusion detection system) technology come down the pipe,” said Ted Slodichak, chief security officer at WhiteHat Inc., a security solutions provider in Burlington, Ont. “The problem is really a human behaviour problem, an architecture problem, an Internet problem and a software development problem.”
Lately it comes down to a worm problem — specifically, a series of digital demons this past summer.
MS Blaster infected more than one million computers, according to Internet Security Systems Inc. (ISS). Blaster was supposed to enact a denial-of-service (DoS) attack on Microsoft Corp.’s support site, Windows Update, although due to errors in the worm the offensive fell flat.
Security experts discovered the Welchia worm on Aug. 18. After infecting a computer, it would attempt to download a Microsoft fix for Blaster and apply it to the affected PC.
Sobig.F was meant to link with certain servers in Canada, South Korea and the United States, whence it would download an unknown application and apply the code to infected PCs, according to F-Secure Corp. The program failed, however, as the target servers were disconnected or shut down before the worm could do its worst.
Security software vendors say they have ways to help protect corporations. In September Symantec unveiled Norton SystemWorks 2004. This suite includes the latest version of Norton AntiVirus, which offers advanced scanning capabilities to inoculate PCs against viruses hiding in compressed files gleaned from peer-to-peer networks and instant messaging (IM) services.
That same month, F-Secure launched its Anti-Virus Client Security platform, which combines firewall and antivirus on a simple deployment system so IT teams can easily protect computers across the enterprise.
ISS earlier this year announced RealSecure Desktop 7.0, which incorporates firewall functionality and application scanning to help guard against suspicious, as well as known, malicious network traffic.
During a recent Web conference, Joshua Corman, ISS’s technical products manager, talked up the firm’s X-Force, a team of security experts that creates patches for vulnerabilities within days of discovery. Corman said most enterprises take weeks to patch; X-Force could shave plenty of time off the process, he said.
Microsoft, meanwhile, is pondering automatic patching to get fixes onto computers quicker — although it’s a tightrope act. “One of the things we are working on is a balance between keeping systems up to date and giving users the control over their systems,” said Matt Pilla, senior product manager for Windows.
But WhiteHat’s Slodichak says these protective endeavours won’t cure all. Many factors confound efforts to safeguard connectivity. The Internet, for instance, is designed to ensure transmissions reach their destinations. That robust infrastructure works as well for worms as it does for business data.
Also, “we have software that’s being rushed to market. It’s not any one particular vendor. It’s everybody…. So long as it’s being written with vulnerabilities, there will be hacker exploits, worms and viruses that take advantage of that.”
Slodichak likewise blames human behaviour. Despite warnings, people patch late. Users open e-mail messages from unknown sources when they’ve been told not to. At home they install expensive applications but spend little on updating their antivirus software.
But if users are to blame, so is security software, said John Aycock. An assistant professor at the University of Calgary’s computer science department, he teaches a contentious course about malware, in which students learn to design viruses in an effort to better understand the enemy.
“In the bigger picture, our entire approach to computer security is reactive,” Aycock said. “We have a security problem in one spot, we fix that one spot. A proactive approach would be a better one. Users have to keep their machines up to date, and use antivirus software and firewall software with aggressive policies.”
Victor Keong, a Toronto-based partner in Deloitte & Touche’s security services practice, agreed that a proactive approach is best. He said some companies are exploring behaviour-based or heuristic antivirus systems, such as the technology found in Panda Software’s offerings. Whereas today’s signature-based antivirus apps scrutinize incoming code, heuristic programs explore the app’s behaviour to decide if a program is unfriendly.
But behavioural antivirus isn’t ready for prime time. “It’s more of an art than a science right now,” Keong said, explaining that heuristics present false positives.
Security software isn’t perfect. But new products from vendors suggest it’s improving. And at least it’s better than nothing, as one user learned the hard way.
“We have a consultant that went out on a call to an acquaintance of his who bought a new notebook (and) put it out on a cable modem,” Slodichak said. “It was compromised within 45 minutes. Within two days the notebook was totally unusable because it had been trojaned and virused so many times. The machine had to be completely rebuilt…. If you don’t use [antivirus] or firewall services, the Internet is a very dangerous environment.”
– With files from IDG News Service