Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Internet security is broken, and no one knows how to fix it

  • 07-12-2008 5:56pm
    #1
    probe
    Closed Accounts Posts: 2,055 ✭✭✭


    Internet security is broken, and nobody seems to know quite how to fix it. Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to improve the security of its Windows operating system software, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread the software to other machines exponentially. Computer scientists and security researchers acknowledge that they cannot get ahead of the onslaught.

    As more business, commerce and social life has moved onto the Web, gangs of elusive criminals thrive on an underground economy of credit-card thefts, bank fraud and other scams that rob computer users of an estimated $100 billion a year, according to a conservative estimate by the Organization for Security and Cooperation in Europe. A single Russian company that sells fake antivirus software, which actually takes over a computer, pays its distributors as much as $5 million a year.

    With vast resources from stolen credit card and other financial information, the cyberattackers are handily winning a technology arms race. "Right now the bad guys are improving more quickly than the good guys," said Pat Lincoln, director of SRI International's Computer Science Laboratory.

    A well-financed computer underground has built a major advantage by working in countries that have global Internet connections but ineffectual law enforcement agencies that have little appetite for prosecuting offenders who are bringing in significant amounts of foreign currency.

    Read the full story
    http://www.iht.com/articles/2008/12/05/technology/wbsecure.php


Comments

  • #2
    Black Swan
    Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    probe wrote: »
    "Right now the bad guys are improving more quickly than the good guys," said Pat Lincoln, director of SRI International's Computer Science Laboratory.
    A good argument for white listing, rather than trying to keep up black listing? Of course, only a small part of a solution to a much larger problem.


  • #3
    Donald-Duck
    Registered Users, Registered Users 2 Posts: 1,119 ✭✭✭Donald-Duck


    Sorry to tell you but the internets always been like this...Nothings changed at all, if anything its probably safer now than a few years ago


  • #4
    Capt'n Midnight
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,563 Mod ✭✭✭✭Capt'n Midnight


    probe wrote: »
    Internet security is broken, and nobody seems to know quite how to fix it. Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to improve the security of its Windows operating system software, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread the software to other machines exponentially. Computer scientists and security researchers acknowledge that they cannot get ahead of the onslaught.]

    Can't find the link but IIRC it was fprot saying they could now detect 1.5 million nasties for windows
    there are many commercial UNIX distros that claim to never have had a virus
    OSX has only a hand full of viruses in the wild
    Linux may have a few hundred but that's against ALL versions and because it's free people can upgrade to the latest more secure version at any time, a choice windows users don't have without reaching for their wallets.

    all told windows malware numbers many thousands of times the amount of malwares found on everything else put together. And these numbers are magnitudes of orders higher than you would expect if you just a power of two to cater for the FUD networking effect, yes more viruses target windows because it's more popular.

    the "typical" mac user is richer and less virus savy than the average IBM PC user and so should be a prime target but until 2006 there was no malware for OSX

    simplist solution is to avoid windows / IE where possible
    but note this won't stop you from phishing or hijacked web sites



    the bad guys are making lots of money so as long as the risk/reward balance is in their favour they will keep doing it. spam costs Billions each year , until certain spammers face the prospect of life in prison this won't change ( one second of prison time per email sent seems fair to me )

    re microsoft and security
    I think I'll patent a fix that prevents buffer overruns allowing remote execute
    if I get the wording right then they won't be legally allowed to fix the next big nasty that arrives


  • #5
    _CreeD_
    Registered Users, Registered Users 2 Posts: 4,162 ✭✭✭_CreeD_


    I don't think the technology itself is the root cause of malware expansion. Yes it is getting a lot more organised and complex but we do have some powerful tools at hand to combat it. The problem is that most companies do not invest in the technology and expertise to an adequate level and for better or worse with computers being a household item now and without any requirement to actually become proficient on one botnets go relatively unhindered. It's like letting everyone on the road without a driving license - not trying to be elitist here and I know it's easy to say when you work in the industry but it's a simple fact. You have a very complex system that has the capability to be used remotely to attack other systems and the owners do not understand the threats at all, or how to effectively protect themselves, so the botnets grow and the commercial gain with it which in turn fuels more malware expansion and development. It's another reason Windows is more malware ridden, Linux users are generally more tech savvy simply because it's not an easy choice of OS, you need some technical knowledge to even approach it so you are more likely to delve into it, understand how it works and how to secure it. Most people treat their Windows PC like a TV, learn the basics, trust in whatever super cheap AV the ISP gave them and then wonder why their PC is crawling with crap a few months later. But then what else can they do? Having to learn about your OS before buying a PC would take way too long, it's simply not feasible to expect the average buyer to attain the expertise they need to keep the system clean.
    ISPs need to be more proactive in filtering malware, users are never going to be able to do it at a level that matches the more organised malware developers. Hell if they all just started using Universal Reverse Path Forwarding it would help There are already community services in place to publish the worst offending hosts and networks, an organised global system needs to be put into place.


Advertisement