Behave Sensibly

On Thursday last week CNET ran a run-of-the-mill story claiming the United States is the world's top spammer. The claim rests on research by Sophos tracking spam from July to September, a report they seem to publish on a quarterly basis. They assure us that 18.6% of all spam originates from inside the USA, apparently a jump from the second quarter.
If this was general news, maybe there would be IT people who didn't know that, but published in the security section it's the blindingly obvious: the USA has been the largest source of spam for a long time now. What then follows seems to me to bring into sharp relief the pointless nature of much of this kind of research and the dysfunction of the industry that produces it.
The report also highlighted the growth in spam from social-networking sites over the third quarter. Last month, Twitter users were hit by a “MouseOver” exploit that redirected them to third-party spam sites if they simply hovered over a link in a tweet. And over the summer, Facebook users faced their own scams, ones that attempted to trick them into filling out bogus surveys, with the information then used to spam their friends.
So hovering your mouse over a URL link is all that is required to hijack a browser. And filling out any kind of survey has become a big no-no. Having slipped into the report how truly vulnerable users are and how easy it is to get compromised on the internet today, Sophos end with this stunning piece of advice:
To protect their PCs from infection by bots and other malware, Cluley advises users to run antispam and anti-malware tools, behave sensibly when online, and stay updated with the latest security patches.
Three key things that users must do. Run anti virus. Stay updated. Behave sensibly. He does mention malware but I've rolled that into anti virus. This advice is from a highly respected security researcher and it possibly represents our industry's best practice. Advice gleaned from a decade of experience. That's why I'd like to make the following cynical observations.
Advice One. Anti Virus/Malware
According to that wonderful piece of research from Cyveillance, eight days after a new virus is found on the internet there is a 64% chance that the Sophos anti virus scanner WON'T detect it. After two weeks one quarter of new viruses still go straight through. That's not to single out Sophos; McAfee, TrendMicro, eTrust and Symantec are all as bad or worse. Even after one month Sophos miss 15% of new viruses. So even if you managed to get the signature update the moment it appeared, you were wide open for at least weeks.
Cyveillance research here
Advice Two. Stay Patched
TippingPoint conservatively quoted Microsoft as having 100 days to patch in 2009. That doesn't include the time for discovery, or getting Microsoft to accept their responsibility for the shoddy engineering. This represents how long it takes them to get a patch to the customer. That's not to pick on Microsoft; Adobe is 179 days, Symantec is 307 days and IBM is 190 days. Meaning that even if you downloaded and applied the patch the moment it was posted, you were wide open for at least months.
TippingPoint Labs here
Advice Three. Behave Sensibly
A nice way of saying if something goes wrong it’s your own fault.
As an industry, this is all we have to show for ten years of dedicated effort, research and coding. If you get a virus in the weeks or months this industry leaves you hanging out unprotected on the internet — we blame you the customer. I really don’t know how we get away with it.
Aside from filling up web pages for CNET with seemingly ‘newsy’ looking content - what exactly is the point of this sort of research?
