Be Thankful: You Can Be Safe

By Larry Seltzer  |  Posted 2006-11-22 Print this article Print

Opinion: Defense on Windows systems is good and getting much better, and the bad guys don't have any low-hanging fruit anymore.

Just a few years ago Windows users, even responsible Windows users, had good reason to be fearful of the attack that would slip past their defenses or their notice. Things have changed. Nobody should ever be complacent, but a responsible user can be confident that defensive software and good habits will protect them. More interestingly, attacks just arent what they used to be.

A report by Alexander Gostev, senior virus analyst at Kaspersky Lab, indicates that innovation in malware development is stagnant. There have been no major developments in some time. In fact, there have been no major attacks since the release of Zotob in August 2005.

Zotob, incidentally, targeted mainly Windows 2000 systems and XP SP1 to a lesser degree. What Microsoft has been saying about XP SP2 is true: Users are much safer running XP SP2 than earlier versions of Windows. Their own data from their Malicious Software Removal Tool (Word .doc file) shows as much, and in fact probably understates the matter.

There have been a number of small attacks. Some of them, like the WMF vulnerability, enter the background of the malware scene and will be with us for a long time. Perhaps the most prominent security term of 2006 was "targeted attack." We had quite a few of them, mostly centered around zero-day vulnerabilities in Microsoft Office. See the Kaspersky report for more interesting details on these vulnerabilities.

The focus on vulnerabilities generally is another point in the report. As I said, there is no innovation anymore in malware—except where it involves the exploit of a vulnerability, especially a zero-day exploit. But even these are often less of a threat than they used to be. A few years ago vulnerabilities brought us attacks like Blaster and Sasser, where users could be infected over the Internet while they were asleep. Now the exploit usually involves substantial user action and can often be blocked by anti-virus software.

Now Im going to re-ask a question Ive been asking vendors for a while now without what I consider a full answer: How many truly new infections do we have these days as opposed to re-compromises of systems already infected with other malware? I think the latter is where the action has been for a long time now. My theory that a very large percentage of new infections are on already-infected systems has two main arguments in its favor:
  • The systems are compromised, providing a hole through which new malware can attack
  • The users are proven to be willing to click on things they shouldnt

When you look at the data from AV companies on what the most prevalent attacks are its like a trip through the way-back machine. Look at Sophos report on the Top 10 viruses reported to Sophos in October 2006, and bear in mind that Sophos doesnt have much of a consumer presence, just business:
  1. W32/Netsky-P
  2. W32/Mytob-AS
  3. W32/Stratio-Zip
  4. W32/Bagle-Zip
  5. W32/Netsky-D
  6. W32/Stratio-AY
  7. W32/Mytob-C
  8. W32/Zafi-B
  9. W32/Nyxem-D
  10. W32/Mytob-E
Next page: Stagnantware.

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel