SlideShare a Scribd company logo

Attack of the killer virus!

U
UltraUploader
1 of 7
Download to read offline
16 n W T hough more than 600 million people worldwide use the Internet, it takes only one virus writer to make just about all of us miserable. Like a single stray neutron in a critical mass of plutonium, a lone virus can trigger a chain reaction that spews thousands of copies from desktop to desktop. Last summer’s aptly named SoBig virus was an all-too-real example of this danger. “At [SoBig.F’s] peak, one out of 17 e-mails that we were processing was a copy of the…virus,” says Josh White of U.S.-based e-mail security group MessageLabs. “Certainly we haven't seen numbers I l l u s t ra t i o n b y D y n a m i c D u o S t u d i o . c o m Attack of the KILLER VIRUS! [ B Y D E N N I S F O W L E R ]
updates, pop-ups, opt-outs, and buckets of questionable information, plus the message that anytime an alligator bites them in the butt, it's because they are ‘careless.’” “Users open PIF attachments because they're attached—why would they know enough about computers to know which files to open and which not to open?” asks Michael “Mac” McCarthy, VP Editorial and Portals, DevX Division/Jupiter Media Inc. “A technology this widely used can't reasonably expect that level of expertise from its users; it's simply impractical.” Besides, with multi-vector viruses like Blaster, which spread both via e-mail and through an unguarded port 135, the aver- age home user can be infected even if no e- mail is received, no attachment is activated. In any case, the average user is unlikely to take the pro-active step of keeping the sys- tem patched, anti-virus software up-to- date. Most don’t know what a firewall is, let alone how to implement it. Pros to the Rescue? Even if we could depend on the average user, a heavy burden rests on IT depart- ments and ISPs to make sure their patches are up to date, their filters enabled. That is easier said than done. “[Administrators] don't apply patches regularly,” McCarthy points out, “because the patches themselves are buggy and crip- pling just often enough for it to be the con- ventional wisdom…to let patches cool off for a few months before applying them. Now [administrators are] happy to discov- er they're screwed no matter what they do—install all patches right away and risk screwing up the system…or wait and only install patches that have proven themselves. And when hackers jump in…you get abuse from your users—and the press.” Mandatory patches have been emerging from Microsoft at an average of more than once a week. Clearly we can’t depend on ATTACK OF THE KILLER VIRUS! DECEMBER 2003 n W18 like this before.” At that time AOL scanned 40.5 million e-mails and found SoBig.F in half of them. In fact, SoBig accounted for 98 percent of all viruses then circulating— all this from a single virus-writing miscre- ant. How can we possibly hope to stop the inevitable legions of similarly determined troublemakers? Better get used to it: There are no easy solutions to the virus problem. Blaming the Victim What, do you suppose, is the percentage of users who will open and run an e-mail attachment from a total stranger? Five per- cent? Ten percent? Maybe more: In an arti- cle in the September 12, 2003 issue of The New York Times, a study is cited where a test virus was e-mailed anonymously to 13 members of a bank’s computer security team. “Five members of the I.T.-security- savvy team in the financial sector executed an in-your-face [virus],” reported Roelof Temmingh, technical director at South Africa-based SensePost Information Security, at a July security conference in Las Vegas. That’s over 38 percent. One can only imagine the percentage of less-sophisti- cated users who would have acted exactly the same way. The temptation is to blame careless users for unthinkingly launching these infections, blame them for not keeping their systems patched, protected with anti-virus software, for not implementing firewalls. “In all fair- ness, users aren't so much ‘careless’ as over- whelmed by a world not their making,” says Karen G. Schneider, director of the Web portal, Librarians' Index to the Internet (http://lii.org/). “The sales pitch has been ‘technology will change your life.’ The part we all left out is ‘yes, but not necessar- ily for the better.’ So they go online to send e-mail to their kids, buy dresses from Sears, and otherwise participate in our ‘paperless society’…and the next thing they know, they're grappling with spam, viruses,
users or administrators. Who’s left? Can Programmers Be Held Liable for Software Breaches? The end-user license we agree to when we open a software package almost always says that there is “NO LIABILITY FOR CONSEQUENTIAL DAMAGES,” or words to that effect. As the flaws and holes in Windows mount, so does a cry to hold Microsoft accountable. That clause now faces a legal challenge, thanks to a suit filed in October in Los Angeles Superior Court. Claiming Microsoft's “eclipsing dominance in desktop software has created a global security risk,” a suit was filed on behalf of a mother of two from Los Angeles whose identity was stolen thanks to a hacker invading her system. “We represent an individual plaintiff who is also seeking to be a class represen- tative on behalf of all U.S. purchasers of Microsoft operating system software,” said attorney Dana Taschner, the Newport Beach, California, who filed the suit. At the time of this writing Microsoft is studying the action. They hope to quash the class action certification, which would effectively neutralize the suit. The company blames the problems on the hackers who write the worms and hack the systems, not on their own failings. If a locksmith knowingly sells flawed locks, can he be held liable for the burglar- ies that result? If the class action request is accepted, Microsoft may find itself facing monumen- tal liability claims. Bruce Schneier, CTO of Counterpane Security and a noted comput- er security expert, hopes they do. “Maybe then Microsoft will finally get the message and secure their software,” he says. But can they? In Fairness to Microsoft Totally securing an operating system any operating system—but particularly Microsoft Windows—is incredibly challenging. In “CyberInsecurity: The Cost of Monopoly,” a report written by a half dozen independent security experts (Bruce Schneier included) and published by the Computer & Communications Industry Association (CCIA, www.ccianet.org/ index.php3), the authors note that com- plexity drives the creation of security flaws and that “experts often describe software complexity as proportional to the square of code volume.” The report says Windows NT code vol- ume increased 35 percent per year, that complexity increased 80 percent per year. Internet Explorer code volume increased 220 percent per year, increasing complexity 380 percent per year. Another source of Windows’ vulnerabil- ATTACK OF THE KILLER VIRUS! DECEMBER 2003 n W 19 TOTALLY securing an operating system— any operating system, but particularly Microsoft Windows—is incredibly challenging.
ity has been Microsoft’s focus on ease of use. There’s always a tradeoff here: As any- one who has taken a flight on a commer- cial airline in the last two years can attest, the greater the security, the greater the inconvenience to the traveler. And inconve- nience is not exactly what the public seeks in an operating system. Also, as Microsoft integrated their com- ponents more tightly with each other and with the basic operating system, in an effort—so they said—to enhance compati- bility (and, again, make the product easier to use), vulnerabilities multiplied further. An opportunisitic worm entering the sys- tem via Instant Messenger, for example, might access Outlook for addresses to which it can mail itself, or it might raid databases containing credit card informa- tion and transmit that data back to an identity thief. Now virtually any effort to close vulnera- bilities may make things worse, and will unavoidably make the system more challeng- ing to use, alienating customers. Already, if a user implements the strictest security in Internet Explorer, he or she will be so pum- meled by warnings as to make surfing the Web unbearable. Blocking pop-up windows, Java script or Active X controls makes some Web sites virtually inaccessible. In short, no matter what they say, Microsoft is in an untenable position. The company’s operating system is so complex, that the odds of fixing every potential vul- nerability are extremely low. Chances are good that the patches will either break something or introduce an unexpected vul- nerability, and ease of use is bound to suf- fer. Simply adding a default firewall presents the average user with yet another component to configure, or, more likely, disable, because they don’t understand what it is or how to use it. Even getting users to implement patches is a challenge. Automatically upgrading a user’s system via download seems a better idea, though AutoUpdate (which made its debut in Windows ME in 1999) is hardly something new. But what if the “fix” is itself flawed, damaging the user’s system, which already happens with conventionally distributed patches? In addition, the sheer volume of the accumulated patches for Windows XP makes downloading them impractical for those limited to dial-up speeds. The Japanese division of Microsoft is handing out free CDs with vital patches, but there’s no sign that U.S. users are going to receive the same courtesy. Even if they do, how many users are going to avail themselves of the offer? The Antivirus Arms Race Antivirus vendors are continually playing ATTACK OF THE KILLER VIRUS! DECEMBER 2003 n W20 THERE is security, of a sort, in a diversified computing environment. With fewer targets single-platform viruses find it harder to spread.
catch-up. Not unlike a biological immune system battling microbes, the infection comes first, then the antibodies. Unfortunately, the antivirus forces are always going to be one step behind. They can’t start churning out the cure before the infection is detected. The speed demon- strated by nasties like SoBig and Slammer, which infected virtually every vulnerable machine on the Internet within 10 minutes of its appearance, means that the infection can get a monstrous head start before countermeasures can be implemented. We are running out of options. But what’s left? Is There Security in Diversity? There are those who say that only Windows is vulnerable to viruses and only Windows viruses are written. They’re wrong. No operating system is invulnerable to viruses. Back in the days before Windows there were DOS viruses. Early Macintosh viruses were actually more contagious than DOS viruses because they were buried in the Macintosh file sys- tem’s resource fork, making them easily transmissible by download. Some loyalists claim Linux is virus proof. Windows loyalists counter with “No one bothers to write viruses for Linux because it has such a small market share.” They’re both wrong. There are Linux viruses, but so far they have been relatively harmless. There is Linux antivirus soft- ware, in itself an admission that Linux viruses are for real. It is true that the vast majority of virus- es are written for Windows. Dr. Nic Peeling and Dr. Julian Satchell, in their report “Analysis of the Impact of Open Source Software” (www.govtalk.gov.uk/docu- ments/QinetiQ_OSS_rep.pdf) note that “There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about five for commercial Unix versions and perhaps 40 for Linux.” The report gives two reasons for Windows’ greater attraction for virus writ- ers compared to Linux. The first is its pop- ularity. Not only does that make it a more tempting target, but “For a virus to spread, it has to transmit itself to other susceptible computers; on average, each infection has to cause at least one more. The ubiquity of Windows machines makes it easier for this threshold to be reached.” Secondly, they go on, “Windows has had a number of design choices over the years that have allowed the execution of untrusted code, and this has made it a very easy target.” Linux, on the other hand, isn’t such a push-over. In an article posted last June in The Register, SecurityFocus’s Scott Granneman notes that “a Linux user would have to read the email, save the attachment, give the attachment executable permissions [which requires ‘root’ privi- leges], and then run the executable.” Of course, this very complexity is one of the reasons Linux has been slow to gain market share. Now, just to give us more to worry about, a new complex cross-platform Windows/Linux virus has appeared. Not the first, but the most challenging of the breed so far. Simile/Etap was discovered late last May and is described as a “very complex virus that uses entry-point obscur- ing, metamorphism, and polymorphic decryption,” making it very hard to detect. Simile/Etap infects Portable Executable and 32-bit Executable and Linking Format files on both Linux and Windows systems. It contains no destructive payload, but dis- plays messages on September 17th and March 17th. The infection threat in the wild is said to be low. For a Linux user to be victimized he’d have to be logged in as root and run suspicious e-mail attachments. However, Marius van Oers, an analyst ATTACK OF THE KILLER VIRUS! DECEMBER 2003 n W 21
ATTACK OF THE KILLER VIRUS! DECEMBER 2003 n W22 at McAfee, warns that “…there is no tech- nical reason why Unix shell script malware cannot be successful in the future—it is a matter of proper coding combined with suitable or less secure environments.” So Linux users need to worry, too. However, there is security, of a sort, in a more diversified computing environment. With fewer targets, single-platform viruses find it harder to spread. A mixed Windows/Linux network is much less likely to be brought down completely by a Windows virus. Since cross platform viruses are harder to write there are fewer “Typhoid Marys” to worry about. The CCIA report cites this as a reason for breaking Microsoft’s grip on the market. So Deal with It So we are left with one of those seemingly insoluble issues that dot today’s digital landscape, along with spam and preserving intellectual property rights. There are no viable solutions to the viral epidemic—at least not yet. When the first Model T came out only a mechanic could embark on a trip of more than 20 miles with any certainty of reaching his destination. Breakdowns and flat tires were as inevitable as computer viruses are today. We are still in the early Model T era of the Internet today. If we are to move for- ward, software developers must learn to build operating systems that are both easy to use and 99.99 percent reliable—just the way most cars emerge from the factory today. And while we’re at it, how about war- ranties that mean something? It’s amazing how automobiles improved when the five- year, 50,000-mile warranty became com- mon. Computer users should be notified of a recall, and dealers should offer trained “mechanics” who will fix critical flaws under warranty, with free parts and labor. Maybe if Microsoft had to bear the full cost of fixing these problems they’d never let them out the door in the first place. And if Linux wants to survive it will have to meet the same standards of service, or go the way of the Nash Rambler. Users need firewalls and antivirus soft- ware as easy to implement as the lock on their steering column. Administrators need the equivalent of a good automated pot- hole filler, while authorities need the digital equivalent of radar guns and pursuit-cars geared to catch the moonshiners and street racers wreaking havoc on the information superhighway—which, by the way, could use better paving and a lane banning trucks carrying junk mail. At this point, our best chance of avoid- ing a truly crippling epidemic is to get the jump on new infections as they come along. It’s reasonable to assume that a new virus, like the beta version of any computer code, will be buggy. The engineers at AT&T claim to be working on an early warning system to alert the company’s cus- tomers to new threats based on just that premise. They hope to issue warnings as soon as they see the first inklings that someone’s trying to unleash a new virus. “We see the fizzled versions of stuff in advance,” says Ed Amoroso, chief informa- tion security officer at AT&T. “We're trying to change the nature of our relationship with customers so when we see...indicators of something that fizzled, we tell everybody.” Perhaps anti-virus vendors really can learn to get antidotes out there before fin- ished viruses “ship.” Then administrators can circle the wagons, implementing reme- dies before real assaults are launched. This is a glimmer of hope for a problem that we should expect to be dealing with for many years to come. ~ PERMISSION TO MAKE DIGITAL OR HARD COPIES OF ALL OR PART OF THIS WORK FOR PERSONAL OR CLASSROOM USE IS GRANTED WITHOUT FEE PROVIDED THAT COPIES ARE NOT MADE OR DISTRIBUTED FOR PROFIT OR COMMERCIAL ADVANTAGE AND THAT COPIES BEAR THIS NOTICE AND THE FULL CITATION ON THE FIRST PAGE. TO COPY OTHERWISE, TO REPUBLISH, TO POST ON SERVERS OR TO REDISTRIBUTE TO LISTS, REQUIRES PRIOR SPECIFIC PERMISSION AND/OR A FEE. © ACM 1091-3556/03/1200 $5.00 Dennis Fowler has been a freelance writer for over 30 years. For the last decade he has been following the computer industry, specializing in online issues and the Internet.

Recommended

Search Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationSearch Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationFoCAS Initiative
 
Cscu module 02 securing operating systems
Cscu module 02 securing operating systemsCscu module 02 securing operating systems
Cscu module 02 securing operating systemsSejahtera Affif
 
12102 vipre business-protecting-against-the-new-wave-of-malware
12102 vipre business-protecting-against-the-new-wave-of-malware12102 vipre business-protecting-against-the-new-wave-of-malware
12102 vipre business-protecting-against-the-new-wave-of-malwareDigital Pymes
 
Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...UltraUploader
 
C3
C3C3
C3Praveen Malisetty
 
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityBeyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityUltraUploader
 
virus_11-24
virus_11-24virus_11-24
virus_11-24Uskidz
 
Cyber
CyberCyber
Cyberjarajana
 

Recommended

Search Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationSearch Diverse Models for Proactive Software Diversification
Search Diverse Models for Proactive Software DiversificationFoCAS Initiative
 
Cscu module 02 securing operating systems
Cscu module 02 securing operating systemsCscu module 02 securing operating systems
Cscu module 02 securing operating systemsSejahtera Affif
 
12102 vipre business-protecting-against-the-new-wave-of-malware
12102 vipre business-protecting-against-the-new-wave-of-malware12102 vipre business-protecting-against-the-new-wave-of-malware
12102 vipre business-protecting-against-the-new-wave-of-malwareDigital Pymes
 
Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...Application of hardware accelerated extensible network nodes for internet wor...
Application of hardware accelerated extensible network nodes for internet wor...UltraUploader
 
C3
C3C3
C3Praveen Malisetty
 
Beyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityBeyond layers and peripheral antivirus security
Beyond layers and peripheral antivirus securityUltraUploader
 
virus_11-24
virus_11-24virus_11-24
virus_11-24Uskidz
 
Cyber
CyberCyber
Cyberjarajana
 
Information security
Information securityInformation security
Information securityAppin Faridabad
 
Anti virus in the corporate arena
Anti virus in the corporate arenaAnti virus in the corporate arena
Anti virus in the corporate arenaUltraUploader
 
AVG Threat Report Q4 2012
AVG Threat Report Q4 2012AVG Threat Report Q4 2012
AVG Threat Report Q4 2012AVG Technologies AU
 
A history of computer viruses three special viruses
A history of computer viruses three special virusesA history of computer viruses three special viruses
A history of computer viruses three special virusesUltraUploader
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT SecurityLondon School of Cyber Security
 
Contending Malware Threat using Hybrid Security Model
Contending Malware Threat using Hybrid Security ModelContending Malware Threat using Hybrid Security Model
Contending Malware Threat using Hybrid Security ModelIRJET Journal
 
ISSA Journal Paper - JavaScript Infection Model
ISSA Journal Paper - JavaScript Infection ModelISSA Journal Paper - JavaScript Infection Model
ISSA Journal Paper - JavaScript Infection ModelAditya K Sood
 
A generic virus detection agent on the internet
A generic virus detection agent on the internetA generic virus detection agent on the internet
A generic virus detection agent on the internetUltraUploader
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Information Security Awareness Group
 
Advanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsAdvanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsLondon School of Cyber Security
 
Analysis of rxbot
Analysis of rxbotAnalysis of rxbot
Analysis of rxbotUltraUploader
 
Sophos Security Threat Report Jan 2010 Wpna
Sophos Security Threat Report Jan 2010 WpnaSophos Security Threat Report Jan 2010 Wpna
Sophos Security Threat Report Jan 2010 Wpnadelamm2
 
A bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cureA bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cureUltraUploader
 
Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application SecuritySaadSaif6
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsLondon School of Cyber Security
 
A Probabilistic Approach Using Poisson Process for Detecting the Existence of...
A Probabilistic Approach Using Poisson Process for Detecting the Existence of...A Probabilistic Approach Using Poisson Process for Detecting the Existence of...
A Probabilistic Approach Using Poisson Process for Detecting the Existence of...theijes
 
14 household ways to protect your computer from viruses
14 household ways to protect your computer from viruses14 household ways to protect your computer from viruses
14 household ways to protect your computer from virusesar-rifke.com
 
How To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot AttacksHow To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot AttacksLondon School of Cyber Security
 
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONSCYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONSIAEME Publication
 
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Black Duck by Synopsys
 
Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attackskevinmass30
 
Known Knowns, Unknown Unknowns and Anti Virus stuff yadayadayada
Known Knowns, Unknown Unknowns and Anti Virus stuff yadayadayadaKnown Knowns, Unknown Unknowns and Anti Virus stuff yadayadayada
Known Knowns, Unknown Unknowns and Anti Virus stuff yadayadayadanamblasec
 

More Related Content

What's hot

Anti virus in the corporate arena
Anti virus in the corporate arenaAnti virus in the corporate arena
Anti virus in the corporate arenaUltraUploader
 
A history of computer viruses three special viruses
A history of computer viruses three special virusesA history of computer viruses three special viruses
A history of computer viruses three special virusesUltraUploader
 
Contending Malware Threat using Hybrid Security Model
Contending Malware Threat using Hybrid Security ModelContending Malware Threat using Hybrid Security Model
Contending Malware Threat using Hybrid Security ModelIRJET Journal
 
ISSA Journal Paper - JavaScript Infection Model
ISSA Journal Paper - JavaScript Infection ModelISSA Journal Paper - JavaScript Infection Model
ISSA Journal Paper - JavaScript Infection ModelAditya K Sood
 
A generic virus detection agent on the internet
A generic virus detection agent on the internetA generic virus detection agent on the internet
A generic virus detection agent on the internetUltraUploader
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Information Security Awareness Group
 
Sophos Security Threat Report Jan 2010 Wpna
Sophos Security Threat Report Jan 2010 WpnaSophos Security Threat Report Jan 2010 Wpna
Sophos Security Threat Report Jan 2010 Wpnadelamm2
 
A bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cureA bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cureUltraUploader
 
Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application SecuritySaadSaif6
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsLondon School of Cyber Security
 
A Probabilistic Approach Using Poisson Process for Detecting the Existence of...
A Probabilistic Approach Using Poisson Process for Detecting the Existence of...A Probabilistic Approach Using Poisson Process for Detecting the Existence of...
A Probabilistic Approach Using Poisson Process for Detecting the Existence of...theijes
 
14 household ways to protect your computer from viruses
14 household ways to protect your computer from viruses14 household ways to protect your computer from viruses
14 household ways to protect your computer from virusesar-rifke.com
 
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONSCYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONSIAEME Publication
 
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Black Duck by Synopsys
 

What's hot (20)

Information security
Information securityInformation security
Information security
 
Anti virus in the corporate arena
Anti virus in the corporate arenaAnti virus in the corporate arena
Anti virus in the corporate arena
 
AVG Threat Report Q4 2012
AVG Threat Report Q4 2012AVG Threat Report Q4 2012
AVG Threat Report Q4 2012
 
A history of computer viruses three special viruses
A history of computer viruses three special virusesA history of computer viruses three special viruses
A history of computer viruses three special viruses
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT Security
 
Contending Malware Threat using Hybrid Security Model
Contending Malware Threat using Hybrid Security ModelContending Malware Threat using Hybrid Security Model
Contending Malware Threat using Hybrid Security Model
 
ISSA Journal Paper - JavaScript Infection Model
ISSA Journal Paper - JavaScript Infection ModelISSA Journal Paper - JavaScript Infection Model
ISSA Journal Paper - JavaScript Infection Model
 
A generic virus detection agent on the internet
A generic virus detection agent on the internetA generic virus detection agent on the internet
A generic virus detection agent on the internet
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
 
Advanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsAdvanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA Environments
 
Analysis of rxbot
Analysis of rxbotAnalysis of rxbot
Analysis of rxbot
 
Sophos Security Threat Report Jan 2010 Wpna
Sophos Security Threat Report Jan 2010 WpnaSophos Security Threat Report Jan 2010 Wpna
Sophos Security Threat Report Jan 2010 Wpna
 
A bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cureA bit of viral protection is worth a megabyte of cure
A bit of viral protection is worth a megabyte of cure
 
Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application Security
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and Forensics
 
A Probabilistic Approach Using Poisson Process for Detecting the Existence of...
A Probabilistic Approach Using Poisson Process for Detecting the Existence of...A Probabilistic Approach Using Poisson Process for Detecting the Existence of...
A Probabilistic Approach Using Poisson Process for Detecting the Existence of...
 
14 household ways to protect your computer from viruses
14 household ways to protect your computer from viruses14 household ways to protect your computer from viruses
14 household ways to protect your computer from viruses
 
How To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot AttacksHow To Protect Your Website From Bot Attacks
How To Protect Your Website From Bot Attacks
 
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONSCYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
CYBER SECURITY: A SURVEY ON ISSUES AND SOLUTIONS
 
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
 

Similar to Attack of the killer virus!

Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attackskevinmass30
 
Known Knowns, Unknown Unknowns and Anti Virus stuff yadayadayada
Known Knowns, Unknown Unknowns and Anti Virus stuff yadayadayadaKnown Knowns, Unknown Unknowns and Anti Virus stuff yadayadayada
Known Knowns, Unknown Unknowns and Anti Virus stuff yadayadayadanamblasec
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
56 JULY 2017 WWW.COM.docx
56 JULY 2017 WWW.COM.docx56 JULY 2017 WWW.COM.docx
56 JULY 2017 WWW.COM.docxalinainglis
 
Bot software spreads, causes new worries
Bot software spreads, causes new worriesBot software spreads, causes new worries
Bot software spreads, causes new worriesUltraUploader
 
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxRunning head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxtodd521
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Deb Birch
 
Network Threats
Network ThreatsNetwork Threats
Network ThreatsDan Oblak
 
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksViruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksDiane M. Metcalf
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityOnline Business
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...ESET Middle East
 

Similar to Attack of the killer virus! (19)

Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacks
 
Known Knowns, Unknown Unknowns and Anti Virus stuff yadayadayada
Known Knowns, Unknown Unknowns and Anti Virus stuff yadayadayadaKnown Knowns, Unknown Unknowns and Anti Virus stuff yadayadayada
Known Knowns, Unknown Unknowns and Anti Virus stuff yadayadayada
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Conficker
ConfickerConficker
Conficker
 
Hacking 10 2010
Hacking 10 2010Hacking 10 2010
Hacking 10 2010
 
56 JULY 2017 WWW.COM.docx
56 JULY 2017 WWW.COM.docx56 JULY 2017 WWW.COM.docx
56 JULY 2017 WWW.COM.docx
 
Bot software spreads, causes new worries
Bot software spreads, causes new worriesBot software spreads, causes new worries
Bot software spreads, causes new worries
 
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docxRunning head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
Running head UNPATCHED CLIENT SOFTWAREUNPATCHED CLIENT SOFTWARE.docx
 
Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...Problems With Battling Malware Have Been Discussed, Moving...
Problems With Battling Malware Have Been Discussed, Moving...
 
Network Threats
Network ThreatsNetwork Threats
Network Threats
 
Computer viruses. - Free Online Library
Computer viruses. - Free Online LibraryComputer viruses. - Free Online Library
Computer viruses. - Free Online Library
 
Virus
VirusVirus
Virus
 
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksViruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise Networks
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurity
 
2016 Trends in Security
2016 Trends in Security 2016 Trends in Security
2016 Trends in Security
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
 
Computer Security 101
Computer Security 101Computer Security 101
Computer Security 101
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
 
What Businesses Entrepreneurs Are Imperative To Know About Ransomware
What Businesses Entrepreneurs Are Imperative To Know About RansomwareWhat Businesses Entrepreneurs Are Imperative To Know About Ransomware
What Businesses Entrepreneurs Are Imperative To Know About Ransomware
 

More from UltraUploader

01 le 10 regole dell'hacking
01 le 10 regole dell'hacking01 le 10 regole dell'hacking
01 le 10 regole dell'hackingUltraUploader
 
00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)UltraUploader
 
[E book ita] php manual
[E book ita] php manual[E book ita] php manual
[E book ita] php manualUltraUploader
 
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...UltraUploader
 
[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manuale[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manualeUltraUploader
 
(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)UltraUploader
 
(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)UltraUploader
 
(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoria(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoriaUltraUploader
 
Broadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitorBroadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitorUltraUploader
 
Botnetsand applications
Botnetsand applicationsBotnetsand applications
Botnetsand applicationsUltraUploader
 
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...UltraUploader
 
Bird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassemblyBird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassemblyUltraUploader
 
Biologically inspired defenses against computer viruses
Biologically inspired defenses against computer virusesBiologically inspired defenses against computer viruses
Biologically inspired defenses against computer virusesUltraUploader
 
Biological versus computer viruses
Biological versus computer virusesBiological versus computer viruses
Biological versus computer virusesUltraUploader
 
Biological aspects of computer virology
Biological aspects of computer virologyBiological aspects of computer virology
Biological aspects of computer virologyUltraUploader
 
Biological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networksBiological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networksUltraUploader
 
Binary obfuscation using signals
Binary obfuscation using signalsBinary obfuscation using signals
Binary obfuscation using signalsUltraUploader
 

More from UltraUploader (20)

1 (1)
1 (1)1 (1)
1 (1)
 
01 intro
01 intro01 intro
01 intro
 
01 le 10 regole dell'hacking
01 le 10 regole dell'hacking01 le 10 regole dell'hacking
01 le 10 regole dell'hacking
 
00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)00 the big guide sz (by dr.to-d)
00 the big guide sz (by dr.to-d)
 
[E book ita] php manual
[E book ita] php manual[E book ita] php manual
[E book ita] php manual
 
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
[Ebook ita - security] introduzione alle tecniche di exploit - mori - ifoa ...
 
[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manuale[Ebook ita - database] access 2000 manuale
[Ebook ita - database] access 2000 manuale
 
(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)(E book) cracking & hacking tutorial 1000 pagine (ita)
(E book) cracking & hacking tutorial 1000 pagine (ita)
 
(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)(Ebook ita - inform - access) guida al database access (doc)
(Ebook ita - inform - access) guida al database access (doc)
 
(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoria(Ebook computer - ita - pdf) fondamenti di informatica - teoria
(Ebook computer - ita - pdf) fondamenti di informatica - teoria
 
Broadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitorBroadband network virus detection system based on bypass monitor
Broadband network virus detection system based on bypass monitor
 
Botnetsand applications
Botnetsand applicationsBotnetsand applications
Botnetsand applications
 
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
Blended attacks exploits, vulnerabilities and buffer overflow techniques in c...
 
Blast off!
Blast off!Blast off!
Blast off!
 
Bird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassemblyBird binary interpretation using runtime disassembly
Bird binary interpretation using runtime disassembly
 
Biologically inspired defenses against computer viruses
Biologically inspired defenses against computer virusesBiologically inspired defenses against computer viruses
Biologically inspired defenses against computer viruses
 
Biological versus computer viruses
Biological versus computer virusesBiological versus computer viruses
Biological versus computer viruses
 
Biological aspects of computer virology
Biological aspects of computer virologyBiological aspects of computer virology
Biological aspects of computer virology
 
Biological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networksBiological models of security for virus propagation in computer networks
Biological models of security for virus propagation in computer networks
 
Binary obfuscation using signals
Binary obfuscation using signalsBinary obfuscation using signals
Binary obfuscation using signals
 

Attack of the killer virus!

  • 1. 16 n W T hough more than 600 million people worldwide use the Internet, it takes only one virus writer to make just about all of us miserable. Like a single stray neutron in a critical mass of plutonium, a lone virus can trigger a chain reaction that spews thousands of copies from desktop to desktop. Last summer’s aptly named SoBig virus was an all-too-real example of this danger. “At [SoBig.F’s] peak, one out of 17 e-mails that we were processing was a copy of the…virus,” says Josh White of U.S.-based e-mail security group MessageLabs. “Certainly we haven't seen numbers I l l u s t ra t i o n b y D y n a m i c D u o S t u d i o . c o m Attack of the KILLER VIRUS! [ B Y D E N N I S F O W L E R ]
  • 2.
  • 3. updates, pop-ups, opt-outs, and buckets of questionable information, plus the message that anytime an alligator bites them in the butt, it's because they are ‘careless.’” “Users open PIF attachments because they're attached—why would they know enough about computers to know which files to open and which not to open?” asks Michael “Mac” McCarthy, VP Editorial and Portals, DevX Division/Jupiter Media Inc. “A technology this widely used can't reasonably expect that level of expertise from its users; it's simply impractical.” Besides, with multi-vector viruses like Blaster, which spread both via e-mail and through an unguarded port 135, the aver- age home user can be infected even if no e- mail is received, no attachment is activated. In any case, the average user is unlikely to take the pro-active step of keeping the sys- tem patched, anti-virus software up-to- date. Most don’t know what a firewall is, let alone how to implement it. Pros to the Rescue? Even if we could depend on the average user, a heavy burden rests on IT depart- ments and ISPs to make sure their patches are up to date, their filters enabled. That is easier said than done. “[Administrators] don't apply patches regularly,” McCarthy points out, “because the patches themselves are buggy and crip- pling just often enough for it to be the con- ventional wisdom…to let patches cool off for a few months before applying them. Now [administrators are] happy to discov- er they're screwed no matter what they do—install all patches right away and risk screwing up the system…or wait and only install patches that have proven themselves. And when hackers jump in…you get abuse from your users—and the press.” Mandatory patches have been emerging from Microsoft at an average of more than once a week. Clearly we can’t depend on ATTACK OF THE KILLER VIRUS! DECEMBER 2003 n W18 like this before.” At that time AOL scanned 40.5 million e-mails and found SoBig.F in half of them. In fact, SoBig accounted for 98 percent of all viruses then circulating— all this from a single virus-writing miscre- ant. How can we possibly hope to stop the inevitable legions of similarly determined troublemakers? Better get used to it: There are no easy solutions to the virus problem. Blaming the Victim What, do you suppose, is the percentage of users who will open and run an e-mail attachment from a total stranger? Five per- cent? Ten percent? Maybe more: In an arti- cle in the September 12, 2003 issue of The New York Times, a study is cited where a test virus was e-mailed anonymously to 13 members of a bank’s computer security team. “Five members of the I.T.-security- savvy team in the financial sector executed an in-your-face [virus],” reported Roelof Temmingh, technical director at South Africa-based SensePost Information Security, at a July security conference in Las Vegas. That’s over 38 percent. One can only imagine the percentage of less-sophisti- cated users who would have acted exactly the same way. The temptation is to blame careless users for unthinkingly launching these infections, blame them for not keeping their systems patched, protected with anti-virus software, for not implementing firewalls. “In all fair- ness, users aren't so much ‘careless’ as over- whelmed by a world not their making,” says Karen G. Schneider, director of the Web portal, Librarians' Index to the Internet (http://lii.org/). “The sales pitch has been ‘technology will change your life.’ The part we all left out is ‘yes, but not necessar- ily for the better.’ So they go online to send e-mail to their kids, buy dresses from Sears, and otherwise participate in our ‘paperless society’…and the next thing they know, they're grappling with spam, viruses,
  • 4. users or administrators. Who’s left? Can Programmers Be Held Liable for Software Breaches? The end-user license we agree to when we open a software package almost always says that there is “NO LIABILITY FOR CONSEQUENTIAL DAMAGES,” or words to that effect. As the flaws and holes in Windows mount, so does a cry to hold Microsoft accountable. That clause now faces a legal challenge, thanks to a suit filed in October in Los Angeles Superior Court. Claiming Microsoft's “eclipsing dominance in desktop software has created a global security risk,” a suit was filed on behalf of a mother of two from Los Angeles whose identity was stolen thanks to a hacker invading her system. “We represent an individual plaintiff who is also seeking to be a class represen- tative on behalf of all U.S. purchasers of Microsoft operating system software,” said attorney Dana Taschner, the Newport Beach, California, who filed the suit. At the time of this writing Microsoft is studying the action. They hope to quash the class action certification, which would effectively neutralize the suit. The company blames the problems on the hackers who write the worms and hack the systems, not on their own failings. If a locksmith knowingly sells flawed locks, can he be held liable for the burglar- ies that result? If the class action request is accepted, Microsoft may find itself facing monumen- tal liability claims. Bruce Schneier, CTO of Counterpane Security and a noted comput- er security expert, hopes they do. “Maybe then Microsoft will finally get the message and secure their software,” he says. But can they? In Fairness to Microsoft Totally securing an operating system any operating system—but particularly Microsoft Windows—is incredibly challenging. In “CyberInsecurity: The Cost of Monopoly,” a report written by a half dozen independent security experts (Bruce Schneier included) and published by the Computer & Communications Industry Association (CCIA, www.ccianet.org/ index.php3), the authors note that com- plexity drives the creation of security flaws and that “experts often describe software complexity as proportional to the square of code volume.” The report says Windows NT code vol- ume increased 35 percent per year, that complexity increased 80 percent per year. Internet Explorer code volume increased 220 percent per year, increasing complexity 380 percent per year. Another source of Windows’ vulnerabil- ATTACK OF THE KILLER VIRUS! DECEMBER 2003 n W 19 TOTALLY securing an operating system— any operating system, but particularly Microsoft Windows—is incredibly challenging.
  • 5. ity has been Microsoft’s focus on ease of use. There’s always a tradeoff here: As any- one who has taken a flight on a commer- cial airline in the last two years can attest, the greater the security, the greater the inconvenience to the traveler. And inconve- nience is not exactly what the public seeks in an operating system. Also, as Microsoft integrated their com- ponents more tightly with each other and with the basic operating system, in an effort—so they said—to enhance compati- bility (and, again, make the product easier to use), vulnerabilities multiplied further. An opportunisitic worm entering the sys- tem via Instant Messenger, for example, might access Outlook for addresses to which it can mail itself, or it might raid databases containing credit card informa- tion and transmit that data back to an identity thief. Now virtually any effort to close vulnera- bilities may make things worse, and will unavoidably make the system more challeng- ing to use, alienating customers. Already, if a user implements the strictest security in Internet Explorer, he or she will be so pum- meled by warnings as to make surfing the Web unbearable. Blocking pop-up windows, Java script or Active X controls makes some Web sites virtually inaccessible. In short, no matter what they say, Microsoft is in an untenable position. The company’s operating system is so complex, that the odds of fixing every potential vul- nerability are extremely low. Chances are good that the patches will either break something or introduce an unexpected vul- nerability, and ease of use is bound to suf- fer. Simply adding a default firewall presents the average user with yet another component to configure, or, more likely, disable, because they don’t understand what it is or how to use it. Even getting users to implement patches is a challenge. Automatically upgrading a user’s system via download seems a better idea, though AutoUpdate (which made its debut in Windows ME in 1999) is hardly something new. But what if the “fix” is itself flawed, damaging the user’s system, which already happens with conventionally distributed patches? In addition, the sheer volume of the accumulated patches for Windows XP makes downloading them impractical for those limited to dial-up speeds. The Japanese division of Microsoft is handing out free CDs with vital patches, but there’s no sign that U.S. users are going to receive the same courtesy. Even if they do, how many users are going to avail themselves of the offer? The Antivirus Arms Race Antivirus vendors are continually playing ATTACK OF THE KILLER VIRUS! DECEMBER 2003 n W20 THERE is security, of a sort, in a diversified computing environment. With fewer targets single-platform viruses find it harder to spread.
  • 6. catch-up. Not unlike a biological immune system battling microbes, the infection comes first, then the antibodies. Unfortunately, the antivirus forces are always going to be one step behind. They can’t start churning out the cure before the infection is detected. The speed demon- strated by nasties like SoBig and Slammer, which infected virtually every vulnerable machine on the Internet within 10 minutes of its appearance, means that the infection can get a monstrous head start before countermeasures can be implemented. We are running out of options. But what’s left? Is There Security in Diversity? There are those who say that only Windows is vulnerable to viruses and only Windows viruses are written. They’re wrong. No operating system is invulnerable to viruses. Back in the days before Windows there were DOS viruses. Early Macintosh viruses were actually more contagious than DOS viruses because they were buried in the Macintosh file sys- tem’s resource fork, making them easily transmissible by download. Some loyalists claim Linux is virus proof. Windows loyalists counter with “No one bothers to write viruses for Linux because it has such a small market share.” They’re both wrong. There are Linux viruses, but so far they have been relatively harmless. There is Linux antivirus soft- ware, in itself an admission that Linux viruses are for real. It is true that the vast majority of virus- es are written for Windows. Dr. Nic Peeling and Dr. Julian Satchell, in their report “Analysis of the Impact of Open Source Software” (www.govtalk.gov.uk/docu- ments/QinetiQ_OSS_rep.pdf) note that “There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about five for commercial Unix versions and perhaps 40 for Linux.” The report gives two reasons for Windows’ greater attraction for virus writ- ers compared to Linux. The first is its pop- ularity. Not only does that make it a more tempting target, but “For a virus to spread, it has to transmit itself to other susceptible computers; on average, each infection has to cause at least one more. The ubiquity of Windows machines makes it easier for this threshold to be reached.” Secondly, they go on, “Windows has had a number of design choices over the years that have allowed the execution of untrusted code, and this has made it a very easy target.” Linux, on the other hand, isn’t such a push-over. In an article posted last June in The Register, SecurityFocus’s Scott Granneman notes that “a Linux user would have to read the email, save the attachment, give the attachment executable permissions [which requires ‘root’ privi- leges], and then run the executable.” Of course, this very complexity is one of the reasons Linux has been slow to gain market share. Now, just to give us more to worry about, a new complex cross-platform Windows/Linux virus has appeared. Not the first, but the most challenging of the breed so far. Simile/Etap was discovered late last May and is described as a “very complex virus that uses entry-point obscur- ing, metamorphism, and polymorphic decryption,” making it very hard to detect. Simile/Etap infects Portable Executable and 32-bit Executable and Linking Format files on both Linux and Windows systems. It contains no destructive payload, but dis- plays messages on September 17th and March 17th. The infection threat in the wild is said to be low. For a Linux user to be victimized he’d have to be logged in as root and run suspicious e-mail attachments. However, Marius van Oers, an analyst ATTACK OF THE KILLER VIRUS! DECEMBER 2003 n W 21
  • 7. ATTACK OF THE KILLER VIRUS! DECEMBER 2003 n W22 at McAfee, warns that “…there is no tech- nical reason why Unix shell script malware cannot be successful in the future—it is a matter of proper coding combined with suitable or less secure environments.” So Linux users need to worry, too. However, there is security, of a sort, in a more diversified computing environment. With fewer targets, single-platform viruses find it harder to spread. A mixed Windows/Linux network is much less likely to be brought down completely by a Windows virus. Since cross platform viruses are harder to write there are fewer “Typhoid Marys” to worry about. The CCIA report cites this as a reason for breaking Microsoft’s grip on the market. So Deal with It So we are left with one of those seemingly insoluble issues that dot today’s digital landscape, along with spam and preserving intellectual property rights. There are no viable solutions to the viral epidemic—at least not yet. When the first Model T came out only a mechanic could embark on a trip of more than 20 miles with any certainty of reaching his destination. Breakdowns and flat tires were as inevitable as computer viruses are today. We are still in the early Model T era of the Internet today. If we are to move for- ward, software developers must learn to build operating systems that are both easy to use and 99.99 percent reliable—just the way most cars emerge from the factory today. And while we’re at it, how about war- ranties that mean something? It’s amazing how automobiles improved when the five- year, 50,000-mile warranty became com- mon. Computer users should be notified of a recall, and dealers should offer trained “mechanics” who will fix critical flaws under warranty, with free parts and labor. Maybe if Microsoft had to bear the full cost of fixing these problems they’d never let them out the door in the first place. And if Linux wants to survive it will have to meet the same standards of service, or go the way of the Nash Rambler. Users need firewalls and antivirus soft- ware as easy to implement as the lock on their steering column. Administrators need the equivalent of a good automated pot- hole filler, while authorities need the digital equivalent of radar guns and pursuit-cars geared to catch the moonshiners and street racers wreaking havoc on the information superhighway—which, by the way, could use better paving and a lane banning trucks carrying junk mail. At this point, our best chance of avoid- ing a truly crippling epidemic is to get the jump on new infections as they come along. It’s reasonable to assume that a new virus, like the beta version of any computer code, will be buggy. The engineers at AT&T claim to be working on an early warning system to alert the company’s cus- tomers to new threats based on just that premise. They hope to issue warnings as soon as they see the first inklings that someone’s trying to unleash a new virus. “We see the fizzled versions of stuff in advance,” says Ed Amoroso, chief informa- tion security officer at AT&T. “We're trying to change the nature of our relationship with customers so when we see...indicators of something that fizzled, we tell everybody.” Perhaps anti-virus vendors really can learn to get antidotes out there before fin- ished viruses “ship.” Then administrators can circle the wagons, implementing reme- dies before real assaults are launched. This is a glimmer of hope for a problem that we should expect to be dealing with for many years to come. ~ PERMISSION TO MAKE DIGITAL OR HARD COPIES OF ALL OR PART OF THIS WORK FOR PERSONAL OR CLASSROOM USE IS GRANTED WITHOUT FEE PROVIDED THAT COPIES ARE NOT MADE OR DISTRIBUTED FOR PROFIT OR COMMERCIAL ADVANTAGE AND THAT COPIES BEAR THIS NOTICE AND THE FULL CITATION ON THE FIRST PAGE. TO COPY OTHERWISE, TO REPUBLISH, TO POST ON SERVERS OR TO REDISTRIBUTE TO LISTS, REQUIRES PRIOR SPECIFIC PERMISSION AND/OR A FEE. © ACM 1091-3556/03/1200 $5.00 Dennis Fowler has been a freelance writer for over 30 years. For the last decade he has been following the computer industry, specializing in online issues and the Internet.