2008: Year of Innovation, Both Good And Evil - Page 2

 By Andy Patrizio

Malware "whack-a-mole" will continue

The advances that have taken place in malicious software over the past year would be a whole lot more impressive if they weren't so toxic. It has to be said, however grudgingly, that the bad guys are very good at what they do.

To borrow from Shakespeare, the problem of security lies not in the malware but in ourselves. According to research by Symantec, 46 percent of all data breaches are due to lost laptops. And countless gullible users have clicked on links and file attachments that they shouldn't have, spawning untold numbers of worms, Trojans and key loggers.

But malware authors and online tricksters aren't content to just let us be stupid. They continue to find new ways to take advantage of that. The FBI estimated in 2006 that cybercrime cost businesses $67 billion while Consumer Reports estimates consumers lost $8 billion in the past two years to criminal malware.

That's big money. As a result, and perhaps even more troublingly, the people behind malware are treating it like a business, offering service contracts, malware developer toolkits and product support comparable to a legitimate software company.

"The professionalization of code is one of the biggest trends we've seen throughout the year," said Oliver Friedrichs, director of emerging technologies at Symantec's Security Response team.

One such example is MPack, an SDK for building viruses that comes courtesy of a Russian hacker group. It sells for between $500 and $1,000, with add-on packs sold as well, just like a developer's toolkit. MPack makes it easy to develop complex attacks that exploit vulnerabilities in Web browsers, giving even beginners the capabilities of a pro.

Phishing, that fine art of grabbing your vital financial information, is also made simpler thanks to a trio of developer kits. Symantec estimates 42 percent of all phishing attacks in 2007 were launched thanks to these kits, the most well-known of which is called Rockfish. It's only going to get worse in 2008 as the developers of these kits update them to perform more sophisticated attacks.

With malware advances like the Storm worm, which mutates every 30 minutes, it's pretty much impossible for antivirus vendors to keep up with them. The traditional method of virus detection, using a signature file to detect characteristics of the virus, simply doesn't work any more.

Consequently, the new move in security is toward heuristics, detecting viruses based on suspicious activity. This way, they can be caught well in advance of a sample being sent in to the AV companies for examination.

Every antivirus company is working on heuristic security, with varying degrees of success. It's one thing to detect known viruses, and most companies do reasonably well. Detecting the unknown, however, is a little more hit or miss.

This year, antivirus vendors spent much of their time optimizing their software. Symantec and Trend Micro talked about how they were streamlining their code to be less intrusive, since that was a major consumer complaint. You can bet they will spend 2008 putting as much effort into catching the unknown and improving their heuristics.

But just as security vendors are working to make computers safer and more locked-down, a new threat emerges: the mobile phone.

"A lot of phones now have TCP/IP, making for a whole new vector to attack," Friedrichs said. Until now, he added, antivirus vendors hadn't yet seen the need to worry about mobile phone attacks, "partly because the attack surface is so small."

Today, however, with functions like e-mail and Web browsing, mobile phones now offer malware authors a new place to attack. It doesn't help that phone vendors are making it easier for third parties to code for their devices, thanks to SDKs on the way: Apple's for the iPhone and Google's Android kit.

As a result, you can reasonably expect next year to mark the advent of antivirus software for your cell phone -- as well as the malware it will be targeting.

Virtual(ization) Reality

It was hard not to notice all the excitement around virtualization this year. VMware had one of the best-received IPOs of the year, and virtualization was one of those rare ideas that could get everyone from Intel to IBM to Microsoft to agree on something: namely, that it's needed.

The technology's supporters have predicted virtualization will help enterprises save costs from server consolidation, improve IT staff effectiveness, simplify workstation deployment and enhance server and end-user security.

Thus far, virtualization has helped in consolidating workloads from servers running at five to 10 percent utilization. Unfortunately, that was the easy part. Along the way, issues began to pop up, needing to be addressed -- like I/O. Now come the next steps.

"People have had a chance to get early experience with this technology and are now asking what else can I do with it?" said Jean Bozman, vice president with IDC.

IDC expects the number of virtualized servers to reach 1.7 million units sold annually by 2010. With its growing importance, the ecosystem around virtualization is being forced to mature, in part to counter new concerns with adopting the technology.

As a result of virtualization's heightened prominence -- and the growing scrutiny of IT buyers accompanying it -- deals like the recent SAP/VMware agreement for mutual support represent the next stage in the technology's growth. The partnership calls for both companies to stand behind the other, no matter where the call for support goes.

"That's the hallmark of enterprise support because it eliminates finger-pointing," Bozman said.

There are similar announcements surrounding Oracle releasing a hypervisor and Sun's xVM plans. These two, along with the SAP/VMware news, indicate greater attention will be paid to demands like high availability, a must in the enterprise.

Still, virtualization clearly remains in its infancy. While some industry-watchers had expressed concern that the tech would hurt server sales -- IDC thought unit growth would be impacted -- the server market continues to grow, albeit slowly.

"Any fears the server market would fail to show growth from virtualization hasn't happened yet," Bozman said.

Perhaps in a sign of things to come, however, this year's fastest-growing server segment has been blade systems. Blades, popular for virtualization efforts, topped $1 billion in quarterly sales for the first time this year.

Article courtesy of internetnews.com

This article was originally published on Dec 28, 2007