
Back to the battleground

After winning the technology struggle, security firms are beginning a second battle.
By Jeremy Matthews, Head of Panda Security's African operations.
Johannesburg, 08 Aug 2006

Fifteen years ago, few people would have imagined the extent to which malicious code like viruses and Trojans would affect our day-to-day work. When a new virus emerged, weeks or even months could go by before it could spread, and even then its radius of propagation remained limited, relying on rudimentary information-sharing devices such as floppy disks.

The technologies applied to protecting against these prehistoric viruses were extremely simple, but so were the viruses. A couple of basic techniques were therefore adequate in combating these threats and computers had a very satisfactory level of security.

Always a step behind

However, viruses started getting more complex as communication between computers improved. Hackers conquered new territories.

First, e-mail messages had to be opened to unleash their payloads; then came viruses that could spread without the user needing to open the message; and eventually viruses could infect computers simply because they were connected to the Internet.


Each of the steps taken by hackers needed, at the time, a new technology to develop in response. When e-mail became a threat, permanent anti-virus scans also needed to protect POP3 traffic.

Anti-virus companies were always one step behind, developing new technologies to counter new viruses. This led to the development of heuristic engines to analyse the genetic profile of files to identify potential malware and quarantine it for closer examination.

Logic would dictate that this constant advance is continuing in 2006, but this is not the case at all. We could even be seeing a step back in innovation.

Taking a step back

The techniques used to drop codes on users' computers are coarser. There is no longer an ingenious idea of how to get into computers, such as using Entry Point Obscuring or infecting Windows PE files. The most advanced techniques use a rootkit, commercial or not, but almost never developed by the virus author.

It is, after all, quite complicated to innovate; it requires effort, imagination and work - a lot of hard work. And these three concepts don't seem to characterise today's virus authors. Security companies have been researching and developing more powerful and effective technologies to combat hackers and, for the moment at least, security seems to have won that battle.

The new dynamic started by hackers has left the technological aspect to one side to focus on the criminal variant. A few years ago, virus authors boasted to one another about how far their virus had spread, but now they boast about the amount of money they have stolen through Internet fraud scams.

To achieve this, they don't need to analyse complex application programming interfaces nor experiment with new infection systems. A classic trick, an old scam, is enough to get the user's money. In the 1930s in the US, a salesman announced he could supply the definitive solution to the potato beetle problem at a modest price. Many potato growers replied to the letter they had received with this offer, hoping to exterminate the bugs.

After paying the fee, these trusting farmers received two small blocks of wood, each about the size of a cigarette packet. In order to kill the beetle, all they had to do was catch one and place it on one of the blocks and then hit it with the other to kill it. Just as the trickster had advertised: rapid, safe and simple.

What is the difference between a scam then and now? Simply, the means used.

New battle front

After winning the technology struggle, security firms are beginning a second battle; the fight against malicious codes that are not in the least bit innovative, but take advantage of users who fall into the traps set out by hackers.

There is no weaker spot in IT security than an inexperienced or over-trusting user. New technologies should therefore guide users to avoid security problems.

Hacker technology appears to be stuck where it is. New systems for protecting against malicious code will block most new hacker threats. The real danger now lies in users' candour and willingness to trust unknown sources. What's the danger? Your money?

Think about it and choose how to protect yourself.
