Trojans and Viruses
With the CD drives in virtually every machine, its more common than ever for people to share information via optical media, Fleming said. Most people dont give a second thought to putting something like that in their machine. So, are these little glitches as banal as reports make them out to be? Maybealthough more-conspiratorial analysts say these harmless bugs could turn into an entirely new threat that the security community is not ready to handle. "Most of the time when we see threats show up, its a concept for how a Trojan or virus can be introduced," Fleming said. "When its introduced, its mostly very benignerasing the flash memory on a PlayStation is not going to affect me personallybut what does concern me is that we have a whole new threat vector. People are going to take the concept and think, Whats the next thing I can do?"Not every security expert interviewed by eWEEK.com voiced the same opinion, but they all agreed that any networked user needs to take the same precautions, whether theyre on a home or business network. John Pescatore, vice president of Internet security at Gartner Inc., said home network security has a long way to go, since most major companies involved in home computing dont focus on that kind of security environment. "Theres a funny thing going on," he said. "For many years, Microsoft built Windows with home users in mind, but in 2001 to 2002, they got religion and started doing more for enterprise security. They forgot about the home user who doesnt have an IT staff to take care of their problems. Pescatore also said theres been discussion in the industry about how to integrate security into consumer electronics. The problem is that companies still say anything harder to use slows down consumer adoptionso no one is willing to make security a priority in a consumer environment. "Theres not a lot of incentive to say, My product is harder to use," Pescatore said. AOL has recently moved to help consumers with security by offering McAfee VirusScan Online services for free. Businesses also can take a few notes from a home-network invasion. Much like home users, Fleming said, businesses keep a closer watch on outside threats and dont do enough to make sure that nothing is coming from within the company. "Computer institutions and the FBI have surveys that show around 60 percent of all security instances occur internally," Fleming said. "This is where a lot of companies dont get it. They do all of the testing on outside resources and dont monitor internally." A secure network needs informed workers, according to IT experts at Ziff Davis Medias Virtual Tradeshow on security. Click here to read more. Fleming strongly recommended that businesses create a strong security policy thats enforced through monitoring and training. People need to be aware of bringing in software and other devices from home. That includes things such as music CDs, which often store data other than the actual music tracks. "There has to be mandated vigilance in the enterprises," Fleming said. "Its got to be pounded into their heads to be careful." Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
An Ounce of Prevention