"Security" issues

The latest "conficker" worm is just that: the latest in an apparently infinite series. So why do we put up with this nonsense?
Written by Paul Murphy, Contributor

Last week the Register had a stunning headline: Conficker seizes city's hospital network with a sidebar showing four related stories:

  • Royal Navy warships lose email in virus infection
  • Prolific worm infects 3.5m Windows PCs
  • Virus writer signs off in cordial Trojan message to MS
  • MoD networks still malware-plagued after two weeks

According to the hospital story, they found out about their problem when PCs in operating theaters started to reboot mid procedure.

What's really scary in this context, however, isn't that there's inevitably another killer worm or virus in the offing, it's that the entire PC "security" industry operates reactively: both in terms of not recognizing an attack until lots of failures occur and in terms of not responding to an attack until those failures receive widespread publicity.

In this particular case, for example, the problem affects every Windows generation from NT 3.51 to the Windows 7 beta, the underlying issue was known and understood as it applied to BSD code in the late 80s, and the specific issue was the target for a set of "out of cycle" Microsoft patches last October - but it still took the "infection" of an estimated 13 million machines now to focus industry attention on it.

Basically the reactive stance taken by the industry means that the damage is always done before the industry even tries to close the barn door - and while shutting down PCs in operating theaters may be life threatening to some and the stuff of low comedy to others, there are genuinely serious threats out there. Ask yourself, for example, how and when you'd find out if someone has managed to infiltrate a major Wintel components producer - and, as a result, any desktop or server you have with Intel's latest virtualization technology could now be running an invisible network OS with unrestricted access to everything on your network.

But if having failures precede action isn't such a great strategy, what's the alternative?

Obviously it's going to depend on what you do, who you are, and what information sensitivities you have - but here's some food for thought: the entire list of virus, worm, or intrusion caused shutdowns affecting Sun Ray users on Solaris/SPARC in 2008:

  1. -


Editorial standards