Douglas Schweitzer: As long as there are computers, malicious code will continue to proliferate
December 5, 2002
Douglas Schweitzer, the author of Securing the Network from Malicious Code, talks with PC Flank about viruses, Trojans and worms.
PC Flank: What malicious agents (worms, Trojan, viruses) are the most dangerous and why?
Douglas Schweitzer: This is an excellent question for which I actually have two answers. When referring to malicious code, dangerous is a relative term. On the one hand, worms, because of their ability to self-replicate and spread quickly, generate the greatest number of malicious code casualties. Trojans, on the other hand, usually cannot self-replicate; however, they possess the potential to cause the greatest amount of harm or destruction to a recipient’s PC. Therefore, the most dangerous malicious agent is one that spreads like a worm and has the destructive powers of a Trojan horse, such as the infamous Naked Wife Trojan of 2001.
PC Flank: What do you think is the percentage of people getting infected?
Douglas Schweitzer: This figure has been difficult to estimate since it varies by geographical location and because many organizations fail to report infections for fear that it will affect the organization’s reputation. The likelihood of an individual or an organization becoming infected by malicious code at some point in time is quite high, but also depends on several factors. Those who are careful about opening e-mail attachments and who install and regularly update a quality anti-virus product will avoid the vast majority of infections. My estimate would be that worldwide, within the next five years about 80 percent will become infected by some form of malicious code.
PC Flank: What are the main reasons people get infected?
Douglas Schweitzer: Two words, social engineering. Viruses are most successful when they exploit the human element. The success of a worm or Trojan often relies on the recipient opening an infected e-mail message attachment. When the Dutch hacker OnTheFly created the AnnaKournikova worm, he knew that with a catchy subject line he could entice a large portion of the male population to open the attachment (which activated the worm) just to catch a glimpse of the sexy tennis star.
PC Flank: What security measures do you recommend to prevent infection?
Douglas Schweitzer: The vast majority of viruses can be avoided by following these rules:
- Do not open attachments from unknown or suspicious sources
- Do not open any attachments attached to e-mails with an uncertain subject line
- Install and regularly update reputable anti-virus software
- Never download files from unknown individuals or organizations
- Install a Bidirectional firewall
- Read Securing the Network from Malicious Code
- Download and install operating system patches or updates on a regular basis
PC Flank: Which software users should install to protect themselves?
Douglas Schweitzer: In order to fully protect oneself from the threat of malicious code, a multi-layer approach to virus defense must be adopted. To achieve the maximum protection from viruses, worms and Trojans, I use the following:
- Signature based anti-virus software (e.g. AVG Antivirus by Grisoft, Inc.)
- A bidirectional personal firewall (e.g. Outpost by Agnitum, LTD)
- Code Behavior Monitoring software (e.g. SurfinGuard Pro by Finjan Software)
PC Flank: What are the main criteria when choosing antivirus?
Douglas Schweitzer: When looking for anti-virus software, users should make sure that the product they choose is ICSA (TruSecure) Certified. Software certified ICSA, has passed rigorous testing and has achieved high detection rates. For a list of ICSA certified products, visit: http://www.icsalabs.com/html/communities/antivirus/certifiedproducts.shtml
PC Flank: Is antivirus enough to fight against Trojans, or should users add anti-Trojan software?
Douglas Schweitzer: The majority of ICSA certified anti-virus products would be sufficient to detect most Trojans circulating in the wild. If you regularly update your anti-virus software and install a personal firewall, then additional anti-Trojan software should not be required.
PC Flank: What do you think is the future of Trojans, worms and viruses?
Douglas Schweitzer: As long as there are computers, malicious code will continue to proliferate. The continued use of social engineering and exploitation of software flaws will make the inexorable battle against malicious threats increasingly challenging and difficult.
PC Flank: Should we expect something new in malicious agents? And what will it look like? What about a "worm that will eat the Internet in 10 minutes"?
Douglas Schweitzer: Like all aspects of technology, malicious code will continue to evolve. I believe that new “hybrid” forms of malicious code will begin to appear combining the characteristics of worms, viruses and Trojans while using new forms of trickery and deception to propagate and avoid detection. In my opinion, the ten-minute worm is a fallacy.
PC Flank: Tell our visitors about your plans, what will be your next book about?
Douglas Schweitzer: Despite the use of anti-virus software, intrusion detection systems and firewalls, organizations are still affected by hackers and malicious code. My next book (which I am again working on with brilliant individuals at Wiley Publishing) is called “Incident Response: Computer Forensics Toolkit” and should be available in April or May 2003.
About Douglas Schweitzer:
Douglas Schweitzer is an Internet security specialist with a strong focus on malicious code. Douglas is a Cisco Certified Network Associate and Certified Internet Webmaster Associate, and he holds A+, Network+, and i-Net+ certifications from the Computing Technology Industry Association.
He has appeared as an Internet security guest speaker on several radio shows, including KYW Philadelphia, as well as on Something You Should Know and Computer Talk America, two nationally syndicated radio shows. He is the author of Internet Security Made Easy and Securing the Network from Malicious Code.