Think Information. Think Security.
 
Picture
Heres the question: If you connect an unprotected Windows computer to the internet, how long will it take before it is infected by malicious software? The answer is: much more quickly than most lay users think. In 2003, the average time was 40 minutes. A year later it was 20 minutes. By 2008 an unpatched computer running Microsoft Windows XP could only expect five to 16 minutes of freedom. The Internet Storm Centre (ISC) provides a useful chart of what it calls "survival time" for Windows machines. It suggests that a PC currently can expect between 40 and 200 minutes of freedom before an automated probe reaches it to determine whether it can be penetrated. The numbers for other operating systems (such as Unix and Linux) are better (from 400 to 1,400 minutes), but the moral is the same: the only way to have an absolutely secure computer is not to connect it to the net.

The PC security business does offer a degree of protection from the evils of malware, but suffers from one structural problem: its products are, by definition, reactive. When a particular piece of malicious software appears, it is analysed in order to determine its distinctive "signature", which will enable it to be detected when it arrives at your machine. Then a remedy is devised and an update or "patch" issued – which is why your PC is forever inviting you to download updates – and why IT support people always look pityingly at you when you explain sheepishly that you failed to perform the aforementioned downloads.

This cosy arrangement was too good to last, what happened is that computer security labs in Iran, Russia and Hungary announced the discovery of a virus called Flame, which one researcher has called "the most complex malware ever found". For at least two years Flame has been copying documents and recording audio, keystrokes, network traffic and Skype calls, as well as taking screenshots from infected computers. And passing all the information it harvested to command-and-control servers operated by its creators. And here's the really startling bit: in all that time, no security software raised the alarm. It bypassed the "signatures" databases of all the PC security companies.Nobody knows who wrote Flame, but the consensus in the industry is that it was an expensive high-end creation in the same league as the Stuxnet worm that attacked the Iranian nuclear programme. The odds are, therefore, that it was a product of the security agencies of the US, UK or Israel, or some combination thereof. But because the malware incorporated a "kill switch" that can wipe out all traces of it from an infected machine, and that switch has reportedly been activated.

In thinking about this, some companies and researchers are looking to natural systems for inspiration. The human body's immune response system, for example, is pretty impressive in detecting and dealing with intruders and IBM has used it as a metaphor for its "Digital Immune System for Cyberspace". The company claims that its system can automatically detect viral activity at a very early stage as well as develop a cure and distribute it across the internet faster than the virus spreads. No doubt other researchers are working on similar ideas. If so, then perhaps we won't have wasted the crisis triggered by Flame.

Cross-Posted from: TheGuardian



Leave a Reply.