As new viruses hit, software scrambles to keep up
When security expert Dave Kroll got the call at 5 a.m., the virus disguised as tennis star Anna Kournikova was already rolling through Europe. When he went to his California bank at noon, the bank itself had been hit. By the end of the day, his wife's company network had also been shut down by the bug.
Such is the power of Internet-driven viruses. And while this week's Kournikova episode merely clogged systems with millions of electronic messages, it should serve as a wake-up call to the industry, security experts say. Current defenses don't work well. If individual and corporate computer users don't change strategies soon, the situation could get worse before it gets better, experts warn.
"We think of defending our castles these days, and people talk about moats and things," says Gary McGraw, vice president of corporate technology at Cigital Inc., a software risk-management company in Dulles, Va. "The problem is that mobile code attacks are kind of like laser-guided bombs. We need brand new defenses." One main reason: Internet viruses spread globally within hours, and current remedies can't keep up.
Consider antivirus software. Some 98 percent of corporate desktop computers now sport a reasonably up-to-date version of the software, according to TruSecure Corporation, a computer security firm based in Reston, Va. Nevertheless, the Kournikova virus waltzed right through antivirus defenses of many corporate and individual computers, as did last year's even more spectacular "I Love You" virus.
A Netherlands user called "OnTheFly" claimed responsibility for the latest attack.
To be sure, antivirus companies quickly issued fixes. Since both programs worked by sending users inviting e-mails with a rogue e-mail generator attached, the fixes weren't hard to produce. Antivirus companies have also speeded up their response time to such problems in recent years.
But that's not the point, security experts say. "It doesn't matter whether they get it out in eight hours or four hours or two hours," says Mr. Kroll, director of security research at Finjan Software, based in San Jose, Calif. "This reactive approach doesn't cut it now."
Instead, security experts are pushing for a proactive approach. Finjan, for example, offers corporations (and individuals through a freeware program) software that performs "behavior monitoring." The idea is straightforward. Every time a suspect program starts to do things the computer considers suspicious, the program gets stopped in its tracks.
Even antivirus companies are joining the chorus of concern. "We want to find more and more proactive ways to deal with these threats," says Stephen Trilling, director of research at the Symantec AntiVirus Research Center in Santa Monica, Calif. "Simply installing antivirus software is not enough."
So the company is adding behavior-blocking software, similar to Finjan's, in its next consumer version of Norton AntiVirus, due out in three to five months. Symantec already bundles another necessary piece of Internet-age protection - a firewall - with its antivirus program. Firewalls keep would-be hackers from scanning computers linked to the Internet for vulnerabilities.
This scanning is burgeoning. In September of 1999, such scans occurred once a week at an average Internet address, says Peter Tippett, chief technologist for TruSecure. Now, they take place seven times a day.
With so many threats, security doesn't lie with a single program, Mr. Tippett argues. Instead, users need a layer of defenses. "Having lots and lots of little things that work some of the time is extremely effective."
(c) Copyright 2001. The Christian Science Publishing Society