The virus problem is likely to get worse, and the only solution may be to impound company laptops, says Jay Heiser.
Since the end of February businesses have been subjected to an unprecedented number of new internet worms.
At least three competing malware writers created a dozen variant worms, each with new tricks to evade controls. Fallout from the virus war, more accurately characterised as a feud, continues to arrive at e-mail servers and home PCs from variants of Bagle, MyDoom and Netsky.
Mail volume is a geometric function of the infected population, so the 5% of home users who are infected provide a large enough breeding ground to ensure that the entire internet is regularly bombarded.
In addition to the infected mail, server performance was further affected by millions of warning messages automatically sent by the one in eight organisations with perimeter e-mail scanners whenever they received an incoming worm-infected message. But although annoying, neither these worms nor the more virulent original variant of MyDoom were disruptive enough to seriously affect the workplace.
Hackers know that the most reliable point of infection is not the software, but the human holding the mouse, so malware makers are becoming marvellously clever at making users curious enough to double-click and open the attachment. Even worse, they are increasingly leveraging the infrastructure of vulnerable internet-connected computers to work for them, so expect more parasitic malware that steals processing time, connectivity, identities, and sensitive information.
This week of worms did not include the anticipated internet-destroying malware meltdown, but it does represent a step up the malware threat staircase.
During 15 years of attack and hype the sophistication of hostile code has been continually ratcheted upwards. The virus fighters have improved their ability to maintain a safe computing environment, but the overall threat has increased too. The effort needed to ensure a low level of infection is creeping upwards, the risk to those who ignore the problem has significantly increased, and the potential for a major disaster has certainly not decreased.
Although the huge amounts of malware-related e-mail did result in some late nights for Exchange administrators, organisations that scan incoming mail and maintain desktop anti-virus software have largely avoided these worms.
Retail broadband users without proper controls form the cesspit that feeds the disease, and home LANs are infecting corporate laptops with malware that would otherwise have been stopped at the perimeter. This will continue until some digital hero arrives to clean up consumer broadband and keep a close watch on portable PCs.
Prepare a border inspection plan. Anti-virus controls are weakest on the laptop, so until better technology is available it will sometimes be necessary to update their software manually before they are safe for the enterprise. The next time an attack like Slammer, MSBlast or Nachi hits, impounding laptops will be the only way to control it.
What do you think?
What are your border inspection plans where laptops are concerned? Tell us in an e-mail. ComputerWeekly.com reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.
Jay Heiser is principal analyst at TruSecure
This was first published in March 2004