Most UK companies 'still vulnerable' to blended attacks

Even after a summer of intense virus and worm activity, a survey has revealed that most UK companies are still vulnerable to the type of attack used by MSBlast and Slammer

Almost 75 percent of UK companies still do not have adequate protection against the type of attacks used by worms such as MSBlast or Nachi, according to a survey by security company Network Associates (NA).

The firm interviewed 200 IT directors from medium to large firms in Europe during August, a period which coincided with the outbreak of several malicious viruses and worms that exploited vulnerabilities in Microsoft's Windows operating system.

Christopher Thompson, vice president of marketing at Network Associates, told ZDNet UK he was concerned about the number of companies -- especially in the UK and the Netherlands -- that admitted to not having protection against blended threats. These exploit an existing vulnerability to gain access to a system, then deploy a malicious payload.

According to the survey, 42 percent of UK companies are unprotected against blended attacks while 38 percent have no plans to protect themselves. "This means somewhere close to 70 percent probably have inadequate protection strategies against blended threats," Thompson said. "That is a dangerous place for companies to be and it tells me the risk to companies is growing, not shrinking," he said.

Thompson also said he was surprised by the general lack of awareness about security issues during a period of so much viral activity: "You would think that after Slammer, Lovsan, MSBlast, Nachi and Sobig, there would be a heightened state of awareness. We were surprised by the relative level of preparedness and the variations between different countries in Europe," he said.

The survey also revealed that there is a significant difference in attitudes towards security between European countries. Companies in Germany, France and Sweden tended to adopt a proactive policy, whereas in the UK and Netherlands companies opted for a reactive policy. "The UK and Netherlands are spending most of their time reacting to things that happen -- such as applying patches and fixing security vulnerabilities," said Thompson.

More than half of companies in Germany and the Netherlands discuss security issues at board level, whereas in France, only 25 percent of respondents said the subject of security was discussed during board meetings. The UK ranked slightly higher at 35 percent. Although the situation is dangerous, Thompson said it is an improvement over 2001. "The good news is that this is now being discussed, which is an improvement to what we were seeing 18 months ago," he said.

In the past, security companies have been guilty of "over-promising and under delivering", Thompson admitted, but he blamed Microsoft for some of the problems. For example, he said, there is no reason that the "buffer overflow" vulnerabilities frequently discovered in Windows should even exist. "Buffer overflows are the result of sloppy programming -- it is shoddy workmanship," he said.

Earlier this month, Microsoft announced it has enhanced the memory protection in Windows XP in order to reduce the operating system's vulnerability to buffer overflow exploits, but the enhancement will only be available as part of Service Pack 2, which will not be available until next year.