The malware situation has become a source of real stress. Not just for businesses, but even for those in the antivirus industry. The rate at which new malware is discovered has increased from 300 to a staggering 350,000 a month in the last decade.

In the beginning a lot of the malware was fun, playful and harmless. Mostly messages and pranks where coders showed off their ability. Now it is almost always malicious, with the intent to make money by destroying data, restricting access and disarming functionality. The biggest problem with the industry is that there are almost as many gains on offer for those creating the viruses as there are for those trying to combat them.

With the World Wide Web being just that – world wide – it is extremely difficult to fight the creators of malware. They are part of highly sophisticated criminal networks spanning the globe and using the lack of legislation in countries around the world. This makes it very difficult to stem financial flows to the bad guys, keeping the industry appealing to those looking to do well for themselves by doing bad to others.

The article below discusses this issue in more depth and suggests what steps must be taken to make the antivirus industry more successful, based on insights from AVAR 2014.

The interesting thing about nostalgia is things were seldom better in the past.

However, you can’t really fault the attendants at the recent Association of Anti-Virus Researchers conference in Sydney for longing for better times, because the present malware situation is nightmarish.

Don’t get me wrong: we’re better off with an antivirus/security industry than without it, and it employs some brilliant people who do fantastic work keeping our IT systems safe.

The researchers, however, face formidable forces that are motivated and skilled – and increasingly well-resourced.

ESET chief technology officer Pavel Luka estimated that there’s at least a US$5 billion business out there for the bad guys – the security industry turns over US$6 billion.

Some digital miscreants do it for the money but then there are intelligence agencies and private companies joining in to exploit vulnerabilities for purported national security purposes.

This is in an environment where vendors churn out ever more networked equipment that is seldom tested for security and vulnerabilities.

That’s before we consider users themselves doing dangerous and dodgy things.

With so much against it, it’s amazing the antivirus industry has managed to provide any level of protection, but the industry won’t solve the problem with the current thinking.

F-Secure chief research officer Mikko Hyppönen touched upon how his industry had failed its users massively by not detecting the Stuxnet state-sponsored malware two years ago.

This week, we’ve been told about another state-sponsored malware, Regin, that may have been kicked off in 2003, and hit the antivirus industry radar five to eight years later.

If that’s the case, does Regin count as another antivirus industry failure?

At the time, Hyppönen suggested that antivirus alone was insufficient, and a defence-in-depth approach with multiple elements such as intrusion detection systems was required.

To some extent that’s true, but all the technology deployed in the past has done very little to decrease the threats faced by organisations and individuals.

What’s more, the technology deployed by antivirus vendors is usually good but it can’t cover every case, not even with generics and behaviour blockers that aim to catch new and unknown bits of evil (in-joke for the AV oldies: hope Zvi Netiv doesn’t read this).

It would have been apparent to the antivirus companies that malware and exploiting vulnerabilities would become not just a massive business but also an infowar weapon.

What the industry needs is binding international agreements that outlaw state-developed malware and cut off the money flows to cyber criminals, while having technology safety certification schemes in place.

Greater transparency would also help – meaning that any entity that discovers malware should name the creators.

Instead, what the industry faces is secrecy and a threat landscape that’s growing bigger by the day – and that is the real failure.

Unfortunately, it may be too late for the industry to address that oversight, as it’s unlikely governments and criminals will want to give up their cyber weapons arsenals.

A few years on from now there won’t be much nostalgic fun to be had.

This article was originally published on IT News on the 26th of November 2014 by Juha Saarinen.