It was encouraging to hear Symantec Corp. executives talking recently about how the old stalwart security threats of worms and viruses are becoming a thing of the past. As CEO John Thompson pointed out during a media event in New York City earlier this month, it has been a while since one of the pesky little varmints wreaked wide-scale havoc throughout the online world.
Fortunately for us all — especially IT managers charged with spending many a late-night hour trying to mitigate their crushing effects — the heyday of the likes of ILOVEYOU and Blaster has largely become a dim, yet still chilling, memory.
It’s taken a little while, but, on the surface at least, it appears that the white hats have won the day over the black hats.
One has to wonder, however, just how much of the shift away from viruses and worms has to do with security vendor persistence versus the somewhat natural shift on the part of virus and worm creators into untapped and more vulnerable territory. In the world of online security, a fairly well-established tenet stipulates that when one hole is successfully plugged up against a threat, the people creating that threat will move on to a weaker area of defence.
To be more specific, the worm and virus threat has been dealt with thoroughly enough to force the bad guys to look for other paths that will allow them to practice their shady art. They aren’t stupid, and they don’t like taking more time than is necessary to bring down hundreds of thousands of machines and see the reports of the chaos they’ve induced plastered all over the six o’clock newscasts.
The amount of resources Symantec and other security vendors have thrown at the virus/worm threat seems to have proven large enough to scare most of the ne’er-do-wells off and onto “greener” pastures.
And it’s those pastures that should (unfortunately) prevent IT personnel from sleeping too soundly in the months and years ahead. It appears likely that threats such as mobile viruses and router worms — not to mention everyone’s favourite current bugaboo: spam — are already doing a fine job of replacing their predecessors as a collective royal pain in the IT neck.
So while it’s nice to think of one battle that appears to have been won, the security war is one that, sadly, has no end. Its effects are simply the price that must be paid for conducting business in the 21st century.