Thought for the day:
Laptops let in the worms
Posted: 17:03 16 Mar 2004
The virus problem is likely to get worse, and the only solution may be to impound company laptops, says Jay Heiser.
Since the end of February businesses have been subjected to
an unprecedented number of new internet worms.
At least three competitive malware writers created a dozen variant
worms, each with new tricks to evade controls. Fallout from the
virus war, more accurately characterised as a feud, continues to
arrive at e-mail servers and home PCs from variants of Bagle,
MyDoom and Netsky.
Mail volume is a geometric function of the infected population, so
the 5% of home users who are infected provide a large enough
breeding ground to ensure that the entire internet is regularly
bombarded.
In addition to the infected mail, server performance was further
affected by millions of warning messages automatically sent by the
one in eight organisations with perimeter e-mail scanners whenever
they received an incoming worm-infected message. But although
annoying, neither these worms nor the more virulent original
variant of MyDoom were disruptive enough to seriously affect the
workplace.
Hackers know that the most reliable point of infection is not the
software, but the human holding the mouse, so malware makers are
becoming marvellously clever at making users curious enough to
double-click and open the attachment. Even worse, they are
increasingly leveraging the infrastructure of vulnerable
internet-connected computers to work for them, so expect more
parasitic malware that steals processing time, connectivity,
identities, and sensitive information.
This week of worms did not include the anticipated
internet-destroying malware meltdown, but it does represent a step
up the malware threat staircase.
During 15 years of attack and hype the sophistication of hostile
code has been continually ratcheted upwards. The virus fighters
have improved their ability to maintain a safe computing
environment, but the overall threat has increased too. The effort
needed to ensure a low level of infection is creeping upwards, the
risk to those who ignore the problem has significantly increased,
and the potential for a major disaster has certainly not
decreased.
Although the huge amounts of malware-related e-mail did result in
some late nights for Exchange administrators, organisations that
scan incoming mail and maintain desktop anti-virus software have
largely avoided these worms.
Retail broadband users without proper controls form the cesspit
that feeds the disease and home Lans are infecting corporate
laptops with malware that would otherwise have been stopped at the
perimeter. This will continue until some digital hero arrives to
clean up consumer broadband and keep a close watch on portable
PCs.
Prepare a border inspection plan. Anti-virus controls are weakest
on the laptop, so until better technology is available it will
sometimes be necessary to update their software manually before
they are safe for the enterprise. The next time an attack like
Slammer, MSBlast or Nachia hits, impounding laptops will be the
only way to control it.
Jay Heiser is principal analyst at TruSecure