Information Security News mailing list archives

Thought for the day: Stop crying virus wolf


From: InfoSec News <isn () c4i org>
Date: Thu, 7 Aug 2003 02:34:04 -0500 (CDT)

http://www.computerweekly.com/articles/article.asp?liArticleID=123954

by Jan Hruska 
6 August 2003 

The security industry has a duty to be more realistic, says security
expert Jan Hruska.

If it is true that "sex sells" in the tabloid press, it is certainly
fair to say that "security sells" in the IT media. Any IT department
would prefer to be forewarned about a vulnerability rather than
finding out about it first-hand.

The critical role that the media plays in circulating information
about potential vulnerabilities puts the security industry in a
position of responsibility. It has a duty to provide accurate facts
that can help businesses make informed decisions about current
threats.

Unfortunately, there have been several incidents where threats have
been overblown to make a more interesting story.

Take for example the Anthrax (or Antrax) worm. Coinciding with the
Anthrax scares in the US, one security supplier released a media
advisory warning of this piece of malicious code. In reality, this
virus could be detected by reputable anti-virus software for months
prior to the release. As a result the virus never spread in the wild.

There are several other examples where the IT security industry has
predicted Armageddon. A particularly high-profile damp squib involved
the outbreak of mobile telephone viruses. Since 2000 we have heard
"experts" predicting that mobile viruses are just around the corner
and that we should safeguard our phones now before it is too late.

To date, there have been no viruses for mobile phones and the only
malicious code that exists for handhelds is a couple of Trojan horses
and a virus for the Palm - none of which has ever circulated in the
wild.

Of course, one cannot say that the mobile virus threat will never
happen. As mobile operating systems become more sophisticated, virus
writers may target them. The problem is that with so many false
predictions in the recent past, how will people know when the threat
stops being theoretical and becomes actual?

For the IT security industry as a whole - suppliers, analysts and
consultants alike - the media represents a critical way of spreading
news about threats, but it is crucial that they keep security issues
in perspective and stick to the facts.

This way, the industry can avoid creating a "boy that cried wolf"  
situation where nobody believes that their network is under threat
until it is too late.



-
ISN is currently hosted by Attrition.org
