Malware authors push further ahead

Commentary: Are malware authors now too far ahead of information security professionals for the latter to ever recover?

Indications are information security professionals -- and ordinary users of information and communication technology -- are increasingly on the back foot.

A new report from a United States-based research organisation -- the Internet Storm Center -- revealed unpatched personal computers now have an average window of just 20 minutes from being connected to the Internet to having their ports probed by malware and, most likely, being infected.

This is down from 40 minutes last year and less than the time needed by users to download critical patches.

The time, however, varies greatly: subscribers to Internet service providers who block ports commonly used by worms have more time, while university networks and users of high-speed Internet services -- who may be targeted by scans from malware like bots -- have less.

The news followed statements by a senior Microsoft executive, who unfavourably compared patch management to human immune defence systems. Fred Baumhardt told Tech Ed in Amsterdam, "if the human body did patch management the way IT does, we'd all be dead".

ZDNet Australia ran these issues past AusCERT computer security analyst Robert Lowe, who conceded the war was not looking so good for the information technology professional and home user.

"Malware authors have had the upper hand for a while," he said. "Security professionals have been on the back foot for a long time, the tools to launch attacks are becoming more readily available.

"I don't know if the tide is turning, it's definitely a difficult battle".

Lowe points out that, even at 40 minutes, there was not enough time for home users on dial-up to download the patches needed to protect their computers.

However, he insists that a patch management strategy is critical, taking its place in a "defence in depth" security strategy together with anti-virus protection and personal firewalls.

Lowe is less inclined to believe that Internet service providers should be pressured to wade in and do more to filter out the torrent of viruses and worms wriggling eagerly towards unprotected computers. He notes that ISPs do offer anti-virus and anti-spam products -- albeit while maintaining the strong stance that traffic is not their problem, they merely provide the medium to connect to the Internet.

Still, while the war is not going the way of the good guys, there are some positive signs, according to Lowe. He welcomes the release of Microsoft XP SP2 as "addressing a lot of the vulnerabilities" facing users. "It's a really positive step forward," he says, pointing particularly to the friendlier interface to security settings provided to users and the automatic enabling of the firewall product. "We definitely recommend installation as soon as possible".

What do you think? Are malware authors so far in the ascendancy that information security professionals will be forever playing catch-up? Is XP SP2 as positive a development as Lowe is recommending? E-mail us at edit@zdnet.com.au and let us know.
