While some of todays viruses have been serious problems, Freund said they are not nearly as evil as whats possible if the bad guys really try. So far, weve seen evil viruses and fast-moving ones, but what if? Well, heres how the Zone Labs boss describes the scenario:
"Imagine the destructive power of the Witty worms payload, which progressively destroyed disk contents, sector by sector, combined with the transmission vector of an MS Blast or a Sasser," Freund said. But if that isnt bad enough, it gets worse. "Not to give anyone ideas, but what if such a combo targeted the security infrastructure or something like anti-virus updates?"
That scenario was as bad as Freund was willing to discuss during our talk, which took place on-stage during a conference I recently hosted for the Software and Information Industry Association. Freund and Patzakis spoke with consultant Rob Enderle and myself. By the end of the half-hour chat, I think Rob joined me in wanting to rush home and completely disconnect the computers from the Internet and the increasingly dangerous outside world.
Freund said the security model we use today needs to move from reactive defenses, like patches and signature-based protection (such as current anti-virus software), to more proactive defenses capable of defending a system against previously unknown threats.
This matters, he said, because the time lag between publication of a newly discovered vulnerability and the discovery of a new virus ready to exploit the vulnerability has dropped to 24 hours or less. That means the bad guys are moving more quickly than before and are using the good guys efforts to improve security against everyone who doesnt immediately get the patch or signature update.