Information Security News mailing list archives

New computer security dilemma: a lack of viruses


From: InfoSec News <isn () c4i org>
Date: Tue, 13 Aug 2002 04:29:37 -0500 (CDT)

http://www.philly.com/mld/philly/business/technology/3848828.htm

Aug. 12, 2002

LONDON (Reuters) - The first half of 2002 has been an eerily quiet
period for the computer experts on watch for worms and viruses,
leaving some to trumpet their effectiveness even as their predictions
of doom are now looking overblown.

Nobody has a bullet-proof explanation, but theories range from the
introduction of enhanced anti-virus software to stiffer anti-hacker
laws to more vigilant computer users.

Last year, security experts calculate, the Code Red, Nimda and Sircam
worms caused billions of dollars worth of damage, knocking out
computer networks for days and forcing companies to scramble for
patches to prevent recurring attacks.

The wave of intrusions put anti-virus firms in the spotlight. They
warned companies to fortify their networks against these unseen
invaders or risk losing precious time and resources in network outages
and lost files.

For the unprepared, they said, things would get worse in 2002. But
with the exception of Klez, a persistent email worm making the rounds
since earlier this summer, there's been little cause for alarm.

``Klez is the biggest case of the year and that's it,'' said Mikko
Hypponen, manager of anti-virus research at Finland's F-Secure.  
``That's a big surprise to us and to everybody else in the anti-virus
community.''

Hypponen last year warned viruses would spread to mobile computing
devices, including pocket PCs and so-called smart phones, a prediction
that has yet to materialise.

In 2001, F-Secure issued nine ``Level One'' virus warnings, a label it
uses to signify the most damaging outbreaks. This year the number is
zero, Hypponen said.

Other monitoring firms report similar findings. UK-based Sophos
Anti-Virus is detecting 600 to 700 new virus types per month, nearly
half as many as a year ago, said Graham Cluley, a senior technical
consultant at Sophos.

Ohio-based security firm Central Command, Inc. reported a
month-on-month decline in July.

Other firms say the number of viruses in circulation remains steady
compared to last year, but the infection rate has declined, which
suggests that preventative measures and new security software are
proving effective.

The lull in hacking and virus-writing has caught the attention of U.S.  
federal agents too.

Marcus Sachs, a spokesman for infrastructure protection in the
10-month-old U.S. Office of Cyberspace Security, told Reuters at last
week's DefCon hacker conference in Las Vegas that it's an encouraging,
if not puzzling development.

``Have we seen a change in the mindset of the hacking community?... Or
patriotism? Or are we doing a better job getting the word out about
vulnerabilities and patching systems?'' he asked rhetorically.  
Regardless, ``it's a reversal of the trend we saw last year.''

A number of explanations could help explain the downward trend.  
Corporations are taking extra steps to shore up their computer
networks, a development the anti-virus community points to as a big
victory, and they have limited employees' email freedoms.

Also, newer versions of anti-virus software are particularly effective
against the more rudimentary worms and viruses using a common computer
code exploited by young virus writers, known in the industry as
``script kiddies.''

A decline in cybercrime has been attributed to new laws too.

The U.S. Patriot Act, enacted shortly after September 11, and a new
bill, The Cybersecurity Enhancement Act, call for a maximum prison
term ranging from 10 years to life for hacking and virus-writing
offences.

It's adding up to an unsettling proposition. A drop in virus activity,
even if it proves short-lived, comes at a rough time for the
competitive young computer security sector. A number of firms emerged
to cash in on the demand for security help in the past few years.

``For the anti-virus industry in general, a slow-down would not be
very good,'' said F-Secure's Hypponen. ``But I'd love to see it
happen. It would free up the resources for us to do something other
than fight a problem that shouldn't even be there in the first
place.''

Others are convinced it's too early to claim victory and determine
winners and losers.

``It's the calm before the storm. There will be a next one,'' warned
Urs Gattiker, scientific director at EICAR, European Institute for
Computer Anti-Virus Research. ``The problem is if we have to wait too
long for it, will we be too complacent, and not be able to fight it
off?''



-
ISN is currently hosted by Attrition.org