There is a scene in the Hitchcock film 'The Birds' that has entered the annals of cinema history due to the tension it transmits: the moment the main characters leave the house and are suddenly surrounded by thousands of birds. The birds are just sitting there, but the tension created by the threat of a possible attack is enormous.
Today's IT security environment presents a similar scenario. We are surrounded by malware, yet none of the malicious codes is causing actual attacks like those that were once perpetrated by SQLSlammer, Blaster and many infamous others.
As we surf the Internet, we are surrounded by threats that could descend upon us at any moment, just like in the film. The difference is, the characters could see the birds and were consequently wary. As Internet users, we have become accustomed to using the Web carelessly, mistakenly thinking that as long as our PCs keep functioning normally, there is nothing to worry about.
Start to worry
Malware detection statistics in the past year are frightening. 2006 saw the detection of 96 000 examples of new malicious codes; this is more than in the past 15 years combined. At the peak, this meant a new instance of malicious code was being detected every 90 seconds. On average, 260 examples of new malware appeared every day; or one every five minutes.
Not long ago I heard someone say the computer virus era was over and everything was much more secure today.
Wrong. Really wrong!
The Internet is not more secure, quite the opposite. We are in an unsafe environment, one of imminent danger and potential disaster. The difference is that malware is now silent in order to avoid detection, and sometimes dormant to ensure it can strike at the opportune time. A few years ago, it was easy to know when a company had contracted a virus. Nowadays, countless users are running malware on their machines, completely unaware.
More dangerous than the myriad threats just a mouse click away is the simple fact that Internet users are unaware of the danger. We have become used to Web pages prompting us to accept the installation of some mysterious 'component'; to receiving numerous e-mails with dangerous attachments; and to having broadband connections open 24 hours a day, with no worries other than how long it will take to download a pirated version of the latest episode of our favourite series. Meanwhile, hackers are creating new malicious code every five minutes.
We are in an unsafe environment, one of imminent danger and potential disaster.
Jeremy Matthews, Dax Data founder
This is problematic, particularly considering that today's systems for protecting against malicious code still tend to use detection tools based primarily on the use of signature files. That may have been OK in 1998 when only 10 new malicious codes appeared each day and they took several days to spread. Back then, it was enough to update signature files on a daily basis, but how often should they be updated in today's world? Every hour?
In the next 60 minutes, a dozen new malicious codes will have appeared and it will only take a few minutes for them to spread. Quite simply, a security solution based exclusively on signature files is no longer sufficient when it comes to protecting workstations in this day and age.
Change in tactics
The most advanced companies in anti-malware protection have now developed solutions that are not based exclusively on signature files, but that can analyse system behaviour to identify dangerous activity. This is a great step forward, and takes us to a higher level of security. But even this, on its own, is not enough.
A recent study conducted in over 100 companies located in a wide array of geographic areas, ranging from North America, Europe, Asia and Africa, showed 76% of the companies surveyed were infected by some kind of malware even though all of them had some form of malware protection system installed that they considered reliable. Some even had full security suites. Each and every one of their network administrators was convinced their corporate network was safe and clean.
The problem is undoubtedly serious, but the solution is not as complicated as we might think. If current solutions are not adequate, all that's required is a system for searching for malicious code that is technologically more advanced than those we have at the moment. Security vendors need to rethink their strategy, products and business models.
Even though we think we are in good health, we still go for a check-up every now and again. Why not do the same with IT systems? An in-depth malware scan with the proper tools will reveal many unpleasant things. But just like cholesterol levels, it is better to find out while you are still alive.
Share