By Larry Seltzer  |  Posted 2006-11-22 Print this article Print

Netsky-P was discovered, according to Sophos, on March 22, 2004. Its a classic mass-mailer worm of the type that used to generate fear. It was at or near the top of all the anti-virus malware lists until just a few months ago; I suspect all the other anti-virus companies changed their ranking system somehow to dislodge old geezers like Netsky-P that are well past their prime.

The Kaspersky list, for example, has different attacks, but many of them are still just e-mail worms. Most of these are now downloaders, which means that the attached program just downloads and executes other programs.

This sort of attack only has a chance of success nowadays if you are doing things that no reasonable person should be doing, principally running software that hasnt been updated in years. For more than five years both Outlook and Outlook Express have, by default, blocked all executables. Combine that with what we know about the enhanced security of newer versions of Windows and its easy to see the problem as one largely of old versions and headed for history some day.

The last ingredient is behavior: Even on new versions irresponsible users can do irresponsible things. If you go around porn sites and wrestling sites downloading and installing programs and ignoring warning messages you can still get your computer into trouble. This will always be the case, and Windows isnt alone in being vulnerable to bad behavior.

Even phishing is a problem that is being shown to be manageable by software innovation. The new version of both Internet Explorer and Firefox have phishing filters built in. They arent top-notch yet, but they will get better over time, and other security products, such as Norton Confidential, are adding fraud protection to the PC security mix. Once these are widespread it will be much harder to make a decent living off of phishing.

The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a 70,000-strong botnet powered by hijacked computers in more than 160 countries. Click here to read more.

Attackers are left now trying to get through zero-day holes and bizarre new attacks. A good example was discussed recently by John Heasman of Next Generation Security Software: Its possible to hide malware in the memory of PCI-based devices like graphics cards in such a way that they can survive a reboot. These attacks often share a lack of universality for their target. The PCI rootkit attack described in the paper may have to be written specifically to each type of card.

So as youre relaxing on Thanksgiving (instead of watching the night game, because its on the NFL Network and your mother-in-laws cable system doesnt carry the damn channel!) think about how much better things are than in the past. In a few years computer crime and security attacks wont be gone, but things will be even better.

Do you get the NFL Network? Let me know how the game went in the Talkback section below.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog. More from Larry Seltzer

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel