CSC 379 SUM2008:Week 3, Group 2

From Expertiza_Wiki

Costs and Benefits of Malware Countermeasures

Examine the changing nature of malware distribution and forms. What ethical concerns are raised by this new range of threats? Examine the effects (costs and benefits) of countermeasures designed to address these new threats.

Evolution of Malware

Many early viruses were not written to cause serious harm to computers, but rather as experiments or pranks meant to be annoying. For instance, the first internet worm was not intended to cause millions in damage, but was written to gauge the size of the internet. Even the Melissa virus, written in 1999, was originally intended as a prank.

Another category of malware that appeared is the type intended to cause data loss. These can either delete files on a hard disk or corrupt a file system by writing junk data. This can be compared to graffiti, as the author's tag follows the malware as it spreads.

Since 2003, another form of malware that has become increasingly widespread is software intended for profit. The rise of broadband internet access has allowed this form of malware to spread. These can include viruses and worms designed to take control of computers for exploitation or denial-of-service attacks designed for extortion.

Furthermore, a new form of for-profit malware that has emerged is spyware. Unlike other viruses, spyware is not spread through email, but rather installed through exploiting security holes or packaged with software. Spyware is designed to monitor a user's web-surfing, display advertisements, or redirect affiliate marketing revenue to the creator.

An additional form of malware is bots. Bots infect a computer and lie dormant until instructions are sent. Bots are responsible for most of the spam that is propagated. Many of the new bots last only for one day, not nearly enough time for anti-virus programs to respond.

Evolution of Threat Speed


According to a report in the Wall Street Journal [1], in 1999 it could take up to 281 days from the time a computer system security flaw was announced until malicious code took advantage of it. As of January 2004, however, this number had declined to 10. The rate of distribution has changed dramatically as well. According to an article published by the CERT Coordination Center at Carnegie Mellon University, in January 2003 a SQL-based worm (Slammer) infected ninety percent of the vulnerable servers within the first 10 minutes of its distribution. Currently it takes only 6 days between the revelation of a vulnerability and the release of its exploit. The average time that it takes to release a patch for the exploited flaw is 54 days [2], which means that patching is not very effective.

Evolution of Threat Stealth

Financial motivations have driven malware to become more advanced at hiding and preventing detection. Rootkits and bots are some of the tools that malware uses to hide itself [3]. Since the number of different viruses and worms is doubling every six months [4], the chance of malware persisting undiscovered increases dramatically. However, as antivirus and anti-spyware applications evolve and provide better protection for operating systems, most malware authors have focused on higher-level web applications, which are more vulnerable due to their lack of defenses, and that has caused many privacy violation incidents [5, 6].

Ethical Concerns of New Malware

<Work in Progress>

As malware has evolved over the years, so have the ethical concerns associated with them.

Costs and Benefits of Countermeasures

There are several countermeasures to fight against malware. Arguably, the most important is an anti-virus application like Symantec Norton AntiVirus or Kaspersky Anti-Virus (http://usa.kaspersky.com/). These programs offer protection against viruses and many other types of malware by use of a blacklist. However, it is impossible to stay completely ahead of all viruses, so there is a lapse between the time a new virus is released and the time it takes to get the blacklist updated and installed on machines. These programs often must be purchased and come with subscription fees.

For spyware, there are other options available. Because of the anti-virus programs' slow response to the boom of spyware, free anti-spyware programs surfaced. Programs such as Spybot - Search & Destroy and Ad-Aware offer free scans and removal of spyware.

Another option to prevent malware is to avoid the programs that malware developers target. Microsoft operating systems are the most popular and thus the most often targeted for attack. Switching to another operating system can greatly limit the number of malware programs that can harm one's system. Furthermore, Internet Explorer is the browser most often targeted, and switching to Firefox or Opera will limit the available viruses one can obtain.

Links and Sources

1. D. Bank, "Computer Worm Is Turning Faster," The Wall Street Journal, May 27, 2004.

2. Symantec Internet Security Threat Report, Volume VIII, Published September 2005

3. http://en.wikipedia.org/wiki/Rootkit

4. Symantec Internet Security Threat Report, Volume VIII, Published September 2005

5. J. Swartz, "40 million credit card holders may be at risk," USA TODAY, June 19, 2005, http://www.usatoday.com/money/perfi/general/2005-06-19-breach-usatx.htm

6. L. Mearian, "System break-in nets hackers 8 million credit card numbers," COMPUTERWORLD, February 24, 2003, http://www.computerworld.com/securitytopics/security/story/0,10801,78747,00.html