Thought for the day: Any time, any place, anywhere

Simon Moores has detected a mood of fatalism among virus-hit businesses

New Asset  

Last week the Witty virus burst on to the scene, but those affected weren't laughing. Simon Moores has detected a growing feeling of fatalism among businesses as they wait for the next big threat.

 

 

I don’t wish to appear alarmist, but on the one hand you have Sir John Stevens warning us that a terrorist attack on London is inevitable and on the other, there’s talk among the IT security vendors - among them Symantec - of a "zero-day", "blended" threats being imminent.

Symantec says that such a threat could target a potential vulnerability before that vulnerability is discovered and a patch made available. If such an outbreak occurs, the results could make Blaster look like a bad case of the sniffles in contrast with a raging flu pandemic.

Added to this, the Computer Virus Prevalence Survey found that last year almost a third of the businesses polled worldwide had suffered a virus "disaster", defined as 25 or more computers infected by a single virus in the same incident. The survey indicated that antivirus software isn't a complete defence again the risk of infection. What's more, at least 90% of the companies surveyed said their desktops have antivirus protection, but still a third of the companies suffered virus disasters.

As many experts have predicted, the payloads being carried by viruses are showing signs of becoming more destructive. Netcraft reports that a Slammer-like worm called Witty spread rapidly last week, generating large amounts of network traffic and leaving ruined computers in its wake.

The worm exploits a weakness in the widely used Black Ice security products, and is not detected by antivirus software as it resides in memory. When an infected system is rebooted, Witty deletes a randomly chosen section of the hard drive, rendering some machines unusable.

Symantec's latest Internet Security Threat Report warns that the Windows operating system uses components that are common to both corporate and consumer environments and, because of their extensive use, vulnerabilities in these components may make rapid, widespread severe events more likely.

It also warns that client-side vulnerabilities in Microsoft’s Internet Explorer are on the rise. These, it says, may allow attackers to compromise the systems of client users who unwittingly visit malicious websites. In the past six months, researchers discovered 34 vulnerabilities in Internet Explorer.

Even bookies aren’t safe in cyberspace. A joint Netcraft and BBC investigation has revealed that in horse racing, knobbling the jockey or his horse is a crime of the past. Instead, the UK's top 20 betting sites have become the targets, having suffered 33 separate outages since the beginning of this month. They admitted being the victims of denial-of-service attacks or received extortion demands by criminals before the start of the Cheltenham Festival.

Ironically, as a consultant in the information security and computer crime space, I’m restricted in what I can write, by client confidence and non-disclosure agreements.

I can, however, express my opinion that in some areas of the economy, these matters give rise to more concern than many of us might think they do and industry is short on immediate solutions to what we might call the inevitability problem.

Longer term, there’s industry optimism over the information security response to today’s problems, but the future is a long way away in internet terms and in the present, there’s a pervasive pessimism, much like that felt by troops waiting for the enemy’s next artillery barrage and wondering if their foxholes are deep enough

What do you think?

Have system vulnerabilities left you feeling vulnerable? Tell us in an e-mail >>  ComputerWeekly.com reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.

Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.

Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security .

For further information on Zentelligence and its research, presentation and analyst services visit www.zentelligence.com

This was last published in March 2004

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close