Some computer consultants say the global malware threat has gotten
so bad that conventional security measures, such as anti-virus software,
are no longer adequate to fight it.
Anti-virus programs are “totally useless,” says Mohammad Mannan, an
assistant professor at the Concordia Institute for Information Systems
Engineering in Montreal.
“If you use them, you might even be vulnerable [to malware] to some extent,” he says.
A recent Visa survey showing that 92 per cent of respondents under
the age of 35 had been the target of phishing scams demonstrates the
tenacity of the hackers who are trying to seize personal financial
information.
Anti-virus software works on the principle of identifying malevolent files and infected sites. But because of the sheer volume of malware online nowadays, rather than blacklisting bad sites we should be “whitelisting” the good ones, says Stu Sjouwerman, founder and CEO of U.S.-based computer security consultancy KnowBe4.com.
The amount of malicious software — better known as “malware” — circulating on the web has grown significantly in the past decade.
According to figures from virus detection sites, in 2002 there were
an estimated 17 million known “good” executable files from various
existing applications on the commercial internet, while antivirus
engines detected two million nefarious ones.
By 2012, there were 40 million known good files and 80 million bad ones.
Malware threat growing
The main driver of this shift is cybercrime, says Fabrice Jaubert, a
software developer who works with Google’s malware detection team in
Montreal.
In the past, malware was often the work of malicious individuals or
pranksters looking for recognition of their coding prowess. But
according to Jaubert, computer attacks nowadays are perpetrated almost
entirely by organized crime.
“It’s 100 per cent criminal – or 99.99999 per cent,” says Jaubert. “The end goal here is money — big money.”
Criminal hackers look for ways to install malware on your computer
for the purpose of stealing your passwords, credit card numbers and
banking information — which they can sell to other criminals — or
commandeering your computer to distribute illicit material such as porn.
Cybercrime is estimated to be a $3 billion US industry, and its perpetrators are largely based in eastern European countries such as Romania, Russia and Ukraine, says Sjouwerman, author of Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.
One of the reasons malware is such a widespread problem is that it
has become harder for consumers to detect, says Tony Anscombe, senior
security evangelist for anti-virus firm AVG.
“Malware viruses used to be disruptive — if you got one, you knew you
had it. Now, they’re deceptive and hide in the background,” Anscombe
says.
There are a number of ways hackers can get into your computer, but
nowadays, a lot of it is accomplished by “social engineering.” For
example, you may get an email or even a phone call that appears to be
from a bank or a tech support representative asking you to open an email
attachment or to click through to an infected website.
The problem with anti-virus software
In the face of this ever-present threat, computer security firms have
made billions of dollars selling anti-virus software to consumers.
The major problem, says Concordia’s Mannan, is that anti-virus
software is by nature reactive, which means that it responds to specific
malware after it has been distributed. Should a malware writer change a
few lines of code, however, that anti-virus solution suddenly becomes
obsolete.
It’s the sheer number of malware variations that makes it impossible
for anti-virus software to effectively combat the problem, says Mannan.
To illustrate this, he points to the Storm botnet of 2007, a
sophisticated piece of malware that affected millions of computers
worldwide and generated 8,000 variations of itself every day.
“How many updates or variants are you going to catch, if you’re an anti-virus company?” Mannan asks.
But while anti-virus software isn’t foolproof, it’s “a long way from
useless,” says Brian Bourne, co-founder of Toronto's annual
SecTor cybersecurity conference.
He likens anti-virus software to locking the doors of your car.
“It doesn’t stop someone who's motivated from stealing your car, but
it does force them to put a little bit of effort in and it does mean
you’re not quite as easy [a target] as the unlocked car beside you,” he
says.
Google’s Jaubert says that in recent years, some hackers have even
taken to posing online as anti-virus companies with legitimate-looking
websites, finding victims by ironically playing on their fear of
malware. They offer "virus scans" that are actually malware.
Is ‘whitelisting’ the answer?
Given these overwhelming threats, Sjouwerman believes whitelisting is vital to keep web surfers safe.
The principle is similar to verified accounts on Twitter, which were a
response to the proliferation of bogus accounts (usually ones
pretending to belong to celebrities). Rather than identifying all the
fake accounts, Twitter’s verification process simply certifies the
legitimate one.
Whitelisting has been around for more than a decade, says Mannan, but only a few companies offer it right now.
The way it works is that anytime you surf the web, the whitelist
prompt appears in your browser. If you go to a website that has been
penetrated by hackers, the browser pops up a stern warning telling you
not to proceed to the site.
Google’s Chrome browser “has this to a degree, but that’s all based on blacklists,” says Sjouwerman.
Whitelisting would keep a list of good sites on your workstation and
in the cloud, which is a “sanity check” for the list on your computer.
Sjouwerman is convinced it’s the only way to deal with the growing malware threat.
“We need to do a 180, and we need to stop keeping the bad guys out, because you can’t keep up,” says Sjouwerman.
“That’s why I’m on an evangelizing rampage to tell people we need to go to whitelisting.”
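The contrast between the reactive blacklist Mannan describes and the whitelist with a cloud "sanity check" that Sjouwerman describes can be shown in a short sketch. This is an added example, not code from anyone quoted in the article; it assumes exact SHA-256 matching as a stand-in for an anti-virus signature (real engines use more than exact hashes), and all sample data and list names are constructed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless byte strings standing in for files.
KNOWN_GOOD = b"constructed sample: trusted application build 1.0"
KNOWN_BAD = b"constructed sample: flagged program, variant A"
NEW_VARIANT = b"constructed sample: flagged program, variant B"  # a few bytes changed
UNKNOWN_BENIGN = b"constructed sample: new tool nobody has reviewed yet"

# Hypothetical lists: one blacklist, plus a whitelist held locally and in the cloud.
BLOCKLIST = {sha256(KNOWN_BAD)}
LOCAL_ALLOWLIST = {sha256(KNOWN_GOOD)}
CLOUD_ALLOWLIST = {sha256(KNOWN_GOOD)}

def blocklist_verdict(data, blocklist=BLOCKLIST):
    """Default-allow: only what has already been catalogued is blocked."""
    return "block" if sha256(data) in blocklist else "allow"

def allowlist_verdict(data, local=LOCAL_ALLOWLIST, cloud=CLOUD_ALLOWLIST):
    """Default-deny: allow only when the local and cloud copies both list it."""
    digest = sha256(data)
    in_local, in_cloud = digest in local, digest in cloud
    if in_local and in_cloud:
        return "allow"
    if in_local != in_cloud:
        # The cloud copy acts as the sanity check on the workstation's list.
        return "block (local and cloud lists disagree)"
    return "block (not on allowlist)"

def compare(samples):
    """Return {name: (blacklist verdict, whitelist verdict)} for each sample."""
    return {n: (blocklist_verdict(d), allowlist_verdict(d)) for n, d in samples.items()}

if __name__ == "__main__":
    samples = {
        "known good": KNOWN_GOOD,
        "known bad": KNOWN_BAD,
        "new variant": NEW_VARIANT,        # slips past the blacklist
        "unknown benign": UNKNOWN_BENIGN,  # the cost of default-deny
    }
    for name, verdicts in compare(samples).items():
        print(f"{name:15} blacklist={verdicts[0]:6} whitelist={verdicts[1]}")
    # A locally added entry that the cloud copy does not confirm is rejected.
    tampered = LOCAL_ALLOWLIST | {sha256(NEW_VARIANT)}
    print("tampered local list:", allowlist_verdict(NEW_VARIANT, local=tampered))
```

The unreviewed but benign sample is also blocked, which is the operational cost of default-deny: every legitimate item has to be listed before it can be used.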