Monday, November 24, 2003

Microsoft vs. Virus Writers

Anytime you install software on your computer from any company or organization, you run the risk of opening it up to new vulnerabilities. I am not stating anything new when I mention that Microsoft software is known for having its own share of bugs and vulnerabilities. Many people seem to argue that Microsoft software is buggier or more insecure than any other company's software out there, but this might not be entirely true.

Consider this: Microsoft creates millions and millions of lines of new code every year. It is impossible to create all that code without having problems or making mistakes. Also, no company has the market share that Microsoft has, and because it is the market leader it will also become a popular target for cybercriminals.

If Apple had the market share that Microsoft has, I can almost guarantee that there would be a great deal more viruses and exploits for Mac OS. Apple does have one thing over Microsoft, though: its OS is built on top of BSD Unix, which is a solid and secure OS.

Virus writers, hackers and crackers will always be drawn to the biggest target, like moths to the largest flame. Why spend hundreds of hours writing a virus or developing an exploit if it is only going to affect a few people? If someone is going to spend the time to write a virus, they want it to affect as many people as possible.

Take for example the Sobig virus and the Blaster worm. I am pretty sure that whoever wrote this malware is pretty happy with themselves. Think about it from their perspective: they created software to perform a task, and it worked so well that it is known around the world.

There's No Honor Among Thieves
To combat this ongoing threat, Microsoft has put up $250,000 bounties for the arrest and conviction of the cybercriminals that created the Blaster worm and the Sobig virus. They have also set up a $5 million fund (dubbed the Anti-Virus Reward Program) to finance future bounties, and are working closely with the legal authorities.

Microsoft hopes that the bounties will encourage the friends or associates of the virus writers to turn them in for the money. This would force virus writers to become more paranoid and discourage them from sharing their code with others for fear of being turned in.

Now, here is the real question: will this new tactic work? Well, you know what they say, 'money talks'.

I think Microsoft's strategy might lead to a few early arrests, but in the long run it might only slow virus writers down a little bit. Virus writers will also start sharing their exploits only with close associates whom they trust not to turn them in.

The Right Thing To Do
Microsoft's only real defense against these attacks is to improve their code, lock down the default configuration of their server and desktop OSs, and train system administrators and the general public in how to protect themselves.

In Microsoft's defense, they have already started initiatives to make all three of the changes needed. But I have to be a little skeptical about how much it will help or how well they will implement it. Only time will tell.

The general public and system administrators also have to do their part to protect their computers from attack and viral infection. There are four simple security rules that can help anyone protect themselves.

1. Install a virus scanner, and keep the signatures updated.
2. Install a firewall, and activate it.
3. Update your OS and applications.
4. Don't open up file attachments.

No One is Immune
The open-source community is not immune to the dangers of cyberintruders. An unknown person recently attempted to insert a Trojan horse program into the next version of the Linux kernel, which is stored in a publicly accessible database. Security features of the database detected the illegal change, and the database was shut down. The changes, which could have become a security flaw to the kernel, never became a part of the code.

Resources:
- Protect Your PC (for Home Users)
- 3 Ways to Help Ensure Your System Is Protected (for IT Professionals)
- Trustworthy Computing Initiative
