Can IT keep up with malware authors?

Web users and technology professionals alike are battling a flood of malicious software - and it increasingly looks like the 'bad guys' are winning
Written by Iain Ferguson, Contributor

Are malware authors now too far ahead of information security professionals for the latter to ever recover?

Indications are that information security professionals -- and ordinary users of information and communication technology -- are increasingly on the back foot.

A new report from a United States-based research organisation -- the Internet Storm Centre -- revealed that unpatched personal computers now have an average window of just 20 minutes from being connected to the Internet to having their ports probed by malware and, most likely, being infected.

This is down from 40 minutes last year and less than the time needed by users to download critical patches.

The time, however, varies greatly: subscribers to Internet service providers that block ports commonly used by worms have more time, while university networks and users of high-speed Internet services -- who may be targeted by scans from malware like bots -- have less.

The news followed statements by a senior Microsoft executive, who unfavourably compared patch management to human immune defence systems. Fred Baumhardt told Tech Ed in Amsterdam "if the human body did patch management the way IT does, we'd all be dead".

ZDNet Australia ran these issues past AusCERT computer security analyst Robert Lowe, who conceded the war was not looking so good for the information technology professional and home user.

"Malware authors have had the upper hand for a while," he said. "Security professionals have been on the back foot for a long time, the tools to launch attacks are becoming more readily available.

"I don't know if the tide is turning, it's definitely a difficult battle".

Lowe points out that, even at 40 minutes, there was not enough time for home users on dial-up to download the patches needed to protect their computers.

However, he insists that a patch management strategy is critical, taking its place in a "defence in depth" security strategy together with antivirus protection and personal firewalls.

Lowe is less inclined to believe that Internet service providers should be pressured to wade in and do more to filter out the torrent of viruses and worms wriggling eagerly towards unprotected computers. He notes that ISPs do offer antivirus and anti-spam products -- albeit while maintaining the strong stance that traffic is not their problem, they merely provide the medium to connect to the Internet.

Still, while the war is not going the way of the good guys, there are some positive signs, according to Lowe. He welcomes the release of Microsoft XP SP2 as "addressing a lot of the vulnerabilities" facing users. "It's a really positive step forward," he says, pointing particularly to the friendlier interface to security settings provided to users and the automatic enabling of the firewall product. "We definitely recommend installation as soon as possible".

What do you think? Are malware authors so far in the ascendancy that information security professionals will be forever playing catch-up? Is XP SP2 as positive a development as Lowe is recommending? TalkBack to us below.

ZDNet Australia's Iain Ferguson reported from Sydney.
