Technology Nov 2008
One in four PCs infected
Safer software sought
Around 25 percent of the world’s PCs may be infected with some form of malicious software, according to an OECD report, and the simple act of hooking a computer up to the Internet could mobilise armies of hidden agents and criminals out to subvert the system.

The report says malware is more sophisticated and targeted, with smaller attacks that stay "below the radar" likely to harm critical information infrastructures, cause financial losses, and erode trust and confidence in the Internet economy.

Over the last 20 years malware has evolved from occasional "exploits" to a global multi-million dollar criminal industry going way beyond worms and viruses, to embrace identity theft, phishing for bank account details, spyware, adware, denial of service attacks that slow or crash systems, and armies of botnets that harvest information.

New approach needed

Matthew Drake, Symantec New Zealand consumer spokesperson, believes malware has reached a ‘tipping point’ where traditional antivirus packages can no longer cope and a new approach is needed.

According to Symantec’s latest Internet Security Threat Report, nearly half a million new malicious code threats appeared in the second half of 2007, more than double those detected in the first half of the year and five times as many as the end of 2006. Of the 55,000 unique applications deployed on Microsoft Windows PCs, 65 percent were found to be malicious.

"If these trends continue, there could be millions of new threats each year," said Drake. Antivirus vendors are working overtime to generate up to 20,000 new virus fingerprints each day. Symantec has written nearly a million new virus signatures this year and is delivering 12,000 daily to update its antivirus software.

"To be effective, antivirus must transition to a positive model that goes beyond blocking a seemingly infinite supply of malicious programs to allowing only proven, legitimate ones," he says.

Trust rating required

Among the most promising prospects is a model that combines three things: ‘white-listing’ applications that are known to be secure, blacklisting and blocking known malware, and reputation-based management that assigns a trust rating based on feedback from millions of users.

Applications with a safe rating would be added to the white-list. Software from trusted vendors would automatically get a high rating while new software would have to go through a probation period to prove it was safe before being granted a higher rating.
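The combined model described above, sketched as an added Python example (it is not from the original article and is not Symantec's code). The thresholds, the field names and the assumption that the vendor name has already been verified are all illustrative.

```python
from dataclasses import dataclass

# Thresholds are assumptions for illustration, not values from the article.
PROBATION_DAYS = 30   # how long new software is observed before promotion
MIN_REPORTS = 1000    # user reports needed before a rating counts
SAFE_RATING = 0.95    # share of "safe" reports needed to join the white-list

@dataclass
class App:
    sha256: str        # file hash used as the application's identity
    vendor: str        # assumed already verified elsewhere (e.g. code signing)
    days_seen: int     # days since the file was first reported
    safe_reports: int  # users reporting no problem
    bad_reports: int   # users reporting malicious behaviour

def trust_rating(app, trusted_vendors):
    """Return a rating in [0, 1]; trusted vendors get a high rating at once."""
    if app.vendor in trusted_vendors:
        return 1.0
    total = app.safe_reports + app.bad_reports
    if app.days_seen < PROBATION_DAYS or total < MIN_REPORTS:
        return 0.0     # still on probation: not enough evidence yet
    return app.safe_reports / total

def decide(app, whitelist, blacklist, trusted_vendors):
    """Return (verdict, whitelist); the white-list grows on promotion."""
    if app.sha256 in blacklist:        # known malware is blocked first
        return "block", whitelist
    if app.sha256 in whitelist:        # known-good software is allowed
        return "allow", whitelist
    if trust_rating(app, trusted_vendors) >= SAFE_RATING:
        return "allow", whitelist | {app.sha256}
    return "scrutinise", whitelist     # unknown or poorly rated: scan closely

if __name__ == "__main__":
    # Constructed sample data; the hashes are placeholders, not real files.
    whitelist, blacklist = {"a" * 64}, {"b" * 64}
    trusted = {"ExampleSoft"}
    for app in (App("b" * 64, "ExampleSoft", 400, 5000, 0),
                App("c" * 64, "NewCo", 3, 5000, 0),
                App("d" * 64, "NewCo", 90, 1980, 20)):
        verdict, whitelist = decide(app, whitelist, blacklist, trusted)
        print(app.sha256[:4], app.vendor, verdict)
```

Checking the blacklist before anything else means a file already known to be malicious is blocked even if it carries a trusted vendor's name.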

Symantec’s Norton Internet Security 2009, featuring Norton Insight technology, is now using behavioural analysis in tandem with signature detection to get ahead of the game. Rather than taking 50 minutes to scan your system, it can do this in 5 minutes by comparing data on client computers against Symantec’s database of what 25 million other users have on their computers. The less known the software, the greater the scrutiny it faces during scans.

Geoff Cossey from Chillisoft, which distributes NOD32, agrees there’s a need for stronger front-line defences, with some malware only lasting a few hours before it replaces itself.

He says heuristics or ‘predictive guessing’ methods, generic, class or family detection which recognise threat characteristics, and approaches that isolate threats in protected mode to see if they act suspiciously should be part of the arsenal.

A number of security tools including firewall, antivirus, spyware, parental controls and back-up tools can help protect PC and laptop users. The main products are Computer Associates’ Internet Security Plus, Trend Micro’s Internet Security Pro, AVG’s Internet Security 8, BitDefender’s Total Security, McAfee’s Total Protection 2008, Symantec’s Norton 360 and NOD32 through Chillisoft. Prices range from $75 to $130.

Computer users can help protect themselves and the Internet community by thinking before clicking on unsolicited emails, ensuring their security software and patches are up to date, and regularly scanning their disks.

 

  Back2front    General Interest Webzine