Tomorrows Virus—Fast Moving and Deadly: The Sum of Our Fears?

Opinion: The CEOs of two security companies put a scare into David Coursey as they describe how much damage the bad guys could do if they really try.

Recent virus outbreaks only hint at an even more dangerous future, say two security company CEOs I sat down with recently. One was the CEO and co-founder of Zone Labs, Gregor Freund; the other was John Patzakis, CEO of Guidance Software, publisher of computer forensics and incident response applications.

While some of todays viruses have been serious problems, Freund said they are not nearly as evil as whats possible if the bad guys really try. So far, weve seen evil viruses and fast-moving ones, but what if? Well, heres how the Zone Labs boss describes the scenario:

"Imagine the destructive power of the Witty worms payload, which progressively destroyed disk contents, sector by sector, combined with the transmission vector of an MS Blast or a Sasser," Freund said. But if that isnt bad enough, it gets worse. "Not to give anyone ideas, but what if such a combo targeted the security infrastructure or something like anti-virus updates?"

/zimages/2/28571.gifClick here to read why Security Center Editor Larry Seltzer says that when it comes to anti-virus, the old-fashioned way is still best.

That scenario was as bad as Freund was willing to discuss during our talk, which took place on-stage during a conference I recently hosted for the Software and Information Industry Association. Freund and Patzakis spoke with consultant Rob Enderle and myself. By the end of the half-hour chat, I think Rob joined me in wanting to rush home and completely disconnect the computers from the Internet and the increasingly dangerous outside world.

Freund said the security model we use today needs to move from reactive defenses, like patches and signature-based protection (such as current anti-virus software), to more proactive defenses capable of defending a system against previously unknown threats.

This matters, he said, because the time lag between publication of a newly discovered vulnerability and the discovery of a new virus ready to exploit the vulnerability has dropped to 24 hours or less. That means the bad guys are moving more quickly than before and are using the good guys efforts to improve security against everyone who doesnt immediately get the patch or signature update.

Next Page: The problem with patches.