Security

2008, a year to focus on online security

Come 2008, security firms brace for another year of malware attacks in an industry that saw much organization on the dark side.

Much as the Web has lowered the barrier to connectivity, it has also lowered the barrier to vulnerability. With more networking, the abuse and misuse of user data is always a live threat.

2007 saw a great multitude of online applications from Web giants such as Google and from innovative niche players such as Zoho. Vulnerabilities in Web-based applications will also see a dramatic increase this year.

Spam continues to be a major irritant, with organized botnet herding now becoming more commercial.

The security industry needs a major strategy shift in detecting attack vectors. In earlier days, a user had to load an infected file and run it to actually trigger an attack. All it takes today is a naive click. Hence the response gap, the time spent preparing a signature for detection, gives malware enough PCs to prey upon.

Security firms are making the shift to behavioral and other strategies, but it remains to be seen how effective they can really be. Don't forget that most malware targets security holes in the software itself.

Here's wishing a great 2008 to all TechRepublic readers on a secure note.

3 comments
santuccie

Windows Vista is much more secure than previous versions of Windows, and surprisingly, experts are saying it's even more secure than OS-X. Microsoft also says it's more secure than Red Hat Linux, but this may just be a subjective declaration targeted at those who won't/can't verify it. I don't know, but what I do know is that Vista really is quite secure. IE runs with low privileges, the creator/owner account runs with low privileges, drivers are limited to pre-defined functions, and programs not listed in Microsoft's database are blocked from starting with Windows. There's also SDL, to help minimize attack vectors, but that doesn't impress me near as much as Vista's inherent ability to defend the attack surfaces themselves. To maximize your security in Vista, you could install something like McAfee VirusScan, which is actually a 3-in-1 with IDS and script blocking (McAfee knows there are lots of novices who still haven't heard the terms "antispyware" or "firewall," but they want to make sure ALL their users have adequate security.). And unlike the NoScript extension for Firefox, McAfee's script blocker manages the whitelist for you. A free version is available from AOL: http://safety.aol.com/isc/index.adp? Then there's the Comodo firewall. I was never a fan of this firewall in the past, because it's user-dependent, just like ZoneAlarm. Average users don't realize that all alerts look pretty much the same, and find a false sense of security in such products (I laugh when a ZA user in the CNET forums talks about reloading Windows every few months as if it's normal). But version 3 of Comodo will embrace the positive security model (deny by default), and maintain a signature whitelist instead of a blacklist. This is easier to upkeep than a blacklist of malicious signatures, which are numbering roughly a thousand a day from Storm worm alone. By using this method, Comodo intends to reduce popup fatigue to an absolute minimum. 
Until a stable version 3 of the Comodo firewall is released, and until more people upgrade to Vista, here's a way to lock down the kernel in Windows XP or 2000: http://invincible-windows.blogspot.com/ The instructions look intimidatingly multitudinous, but that's because every single mouse click is illustrated here. It's really a simple process, especially when someone has gone through all the motions to show you exactly how. And it works!

Tony Hopkinson

Vista is more secure; of course, this assumes UAC is on, and IE7 with protected mode enabled. The biggest security threat to a system is and always will be the user; they want it all done for them. That's a goer in a work environment, but not at home. You are faced with insecure versus 'hard to use' on a regular basis. Personally I put security before usability; if UAC nags too much I change what / how I'm doing something. All too often people just turn it off. :(

santuccie

Exactly, which is why I steer clear of ZoneAlarm and the like. Average users can't tell the difference between the malicious and the benign; not only do they want it all done for them, they need it all done for them. If it's not, then it's bad news for you and me, because their system becomes yet another zombie. McAfee's firewall offers quite a few monitoring options in IDS, but most of them are disabled by default, and I'd just leave them that way. Before publishing Invincible Windows, I touched base with Gizmo and got 9 hostile sites to pit against my lockdown method. I also tried it against McAfee later, and it performed like a champ! The script blocker never missed. I didn't test it against all 9 sites, but I tested it against a few of the nastiest. HJT, IceSword, Ewido, and HouseCall all came up clean. That's far better protection than any combination of signature scanners will afford you (mind you, this was tested with XP, not Vista). I haven't tried Comodo 3, but I like the concept. There are Web application firewalls for servers that work by such a concept, Citrix being one of them.
