Security industry 'not making much difference'

 

500 percent increase in malware last year.

The security industry is making virtually no progress stopping - or even slowing down - cybercriminals from infecting the world's PCs with malware, according to McAfee.

At a cybercrime workshop in Sydney on Monday, Dmitri Alperovitch, McAfee's vice president of threat research, painted a gloomy picture.

"Few people realise how worse things are getting," Alperovitch said. "We have seen a 500 percent increase since 2007 to 2008 in the number of unique malware... Just this year alone we have seen a 150 percent increase from the same period last year.

"Across the board things are getting much, much worse on a day-to-day basis and we are not making much of a difference in terms of an industry, a society, in coping with the threat," Alperovitch told iTnews.

Interestingly, Alperovitch believes the cybercriminals are far more afraid of rival criminal gangs taking over their zombie botnets than they are of security firms disinfecting them.

"There are so many victims or potential victims out there they are not too concerned about what we do in the security field because they know there are so many people who are completely unprotected.

"[Rival gangs] are taking away their market share, they are taking away their customers - of course their customers are actually victims who have been compromised - and there is no honour amongst thieves so they steal from each other, they attack each other and they do whatever they can to earn a living," Alperovitch added.


Comments: 2
imortl
Nov 4, 2009 9:39 AM
There is no denying that there is a lot of money being spent on security. However, most of this money is probably being spent in the enterprise arena where companies are protecting their infrastructure so that they can keep doing business.

The average home user does not have a big security budget nor do most of them have clue 1 about the risks that the internet poses to their machine. Anti-virus software has good market penetration and can do a good job to keep "bad things" away, it cannot protect against the will of the user.

I was once told at a security conference that "if you give a user the choice between security and seeing the dancing snowman, the dancing snowman will win." There are 2 major downsides to this:
1. It highlights the point that the users perceive the threats as negligible and don't understand the real dangers to their systems.

2. This is no secret and the people writing the Malware know this and until the users change perception, they will keep on writing it!
wjc
Nov 4, 2009 7:04 PM
The real test of expenditure on IT security has to be one of just how much the base ICT industry itself is spending, e.g. Microsoft, Intel, AMD, Google, IBM, RedHat, Apple, CISCO, etc. This is analogous to determining how much the car industry is spending on safety versus what the taxi industry, the user of cars, is spending.
You see - the major problems we are seeing from "zombie" systems and the like are simple failures of operating system integrity, as is the ability of an application, like a browser, to perform system level operations.

Anyone remember "C2 by '92"?
or even the later "B2 by '95" initiative?

By now (2009) we should have seen commodity software systems that enable easily understood and managed "flexible mandatory access control (FMAC)" that clearly enables enforced labeling of ALL computer software components and data. Imagine, with an FMAC system you could declare that those files used for home banking are only available to a banking application ALONE and to no other - and that includes any software operating at the old fashioned "admin" level.

FMAC - ideally suited to the home user - making end-user security easy to understand, manage and use.

BUT - where is it?
Well - unfortunately only with "Secure LINUX" (SUSE, RedHat, Fedora, Ubuntu, etc.), BSD, SUN Solaris and others - but all these are hardly end-user, home-user "friendly"!!!

It will require MANDATORY procurement requirements from government to get the ICT industry (not the user industry like the banks, healthcare industry, etc.) to harden its base systems (and "virtualisation" doesn't help in this regard).