Tracking The Malware Battle

Malware has changed radically since the days when John McAfee first set up his BBS and offered VirusScan for download at 2400 baud.

It is rapidly becoming a certainty in life, right up there with death and taxes. And like death and taxes, malware seems to find new and horrible ways to attack you. Antivirus and anti-spyware vendors get better at stomping out the bad guys, and then the crooks behind the malware change strategy.

This year the vicious cycle will continue. Mimi Hoang, group product manager in Symantec’s security response unit, thinks malware is going to become a lot quieter, choosing to rear its ugliness behind the scenes.

“The days of Blaster and Sasser are gone,” she said. “It used to be for notoriety. Now people don’t want you to know that’s going on. We’re not going to see mass mailers, but targeted, stealthy attacks that are money-driven. They have funding behind them so they make sure attacks fly under the radar.”

This shift in strategy will include polymorphic attacks. The software will keep changing to evade both heuristics and signatures in security programs, and there will be multiple steps to the attack. It will use a combination, such as a rootkit, to get into a computer, then download a Trojan or key logger.

Unfortunately, phishing attacks will continue. “There’s huge money in it,” said Natalie Lambert, senior analyst for Forrester Research. “Why stop doing something that’s making millions?”

Also, expect more attacks on applications as Microsoft succeeds in hardening its operating systems. “I think that virus writers are going to go after the lowest hanging fruit that is in the most places,” Lambert added. “If the OS becomes harder to crack, they will then go for an app with a lot of market share. Adobe Reader is a primary example.”

It’s not an optimistic view, but don’t think the good guys are just going to roll over. They have their own plans for fighting back as well.

Addressing poor user habits

The first problem is dealing with the poor computing habits of consumers. Corporations are much better at maintaining security on their networks, but most of the thousands of botnets that are in the wild are on poorly maintained personal computers.

“There are people who think they have antivirus protection because they got an AV program from 2003 installed on their computer,” said Lambert. “You might as well have nothing on your computer. It’s only as secure as your last update.”

And a lot of computers are not secure. At the recent World Economic Forum in Davos, Switzerland, Vint Cerf, known mostly for birthing the Internet, estimated that of the 600 million computers on the Internet, one-quarter of them, 150 million, are on botnets and don’t know it. If Cerf’s numbers, as reported on the forum blog, are accurate, it’s a shocking indictment of the failure of people to care for their computers.

The most common viruses seen in the wild floating around on the Internet are Beagle and NetSky, which have been around for years. Even the weakest of antivirus programs should catch them. They flourish because so many people have been negligent in protecting their computers or, in some cases, disabling their security software because it’s so annoying.


Having users’ backs

Hence, a new strategy. More ISPs are giving away an antivirus program just in the hope customers will use it.

AOL, the largest ISP in the country, had sold antivirus software for $2.95 a month, and got two out of its 23 million subscribers to sign up. So the company gave the software away starting in 2004, and it worked, according to Peter Firstbrook, research director for Gartner.

“Their spam went down, their bandwidth use went down and calls to the helpdesk went down after they began giving VirusScan away,” he said. Comcast, another major ISP, also offers McAfee VirusScan for free, while EarthLink offers Protection Control Center.

And the ISPs are finally getting tough with their customers.

In 2004, Comcast began to warn its customers that they would be banished if they didn’t keep their systems clean. Now EarthLink is getting tough with its users.

The makers of anti-malware software are also taking charge, trying to leave less in the hands of users. Software is updating itself more aggressively, with less reliance on human intervention.

“I know that this year, the security vendors figured out that consumers simply weren’t doing their due diligence to protect themselves and changed their offerings from being software the user deploys and updates, and made it a service to automate it,” said Lambert.

Webroot, developer of the popular Spy Sweeper software, is also working on improving automation while keeping its software in the background. “The first generation of anti-malware was extremely in your face telling you everything,” said Gerhard Eschelbeck, CTO of Webroot.

“The design of anti-malware is extremely important, because you want to keep on top of your machine and know it works, but you don’t want to deal with it constantly,” he added. “You buy your PC for doing real work, not satisfying your anti-malware product. We see this all the time.”

Symantec, McAfee and other security software vendors have included increased automation for updating, scanning and cleaning in their new products.

“We want to make sure it doesn’t require a whole lot of consumer action,” said Hoang. “We want to make recommendations to consumers for gray areas like spyware and adware, but for more black-and-white issues of known malware, we’ll just handle the issue automatically.”

One of the widely touted features of Microsoft Windows Vista is its security. The company was promising far better security in the new OS, but Webroot’s internal testing has found it lacking. In testing 25 pieces of known spyware on a Vista machine, only four infections were detected.

“We were surprised to see the low rate of detection by Defender on Vista,” said Eschelbeck. “While Vista has improved security quite a bit, there are still quite a few holes that need to be plugged over time.”

So it looks like the cycle will continue unabated. Anti-malware vendors, once thought to be doomed in Vista’s wake, will continue their tit-for-tat battle, as certain as death and taxes, with the crooks they’re fighting.
