You fear them. You hate them. But what exactly are computer viruses?
Similar to their biological brothers, computer viruses are designed to propagate, traveling from computer to computer to perform some mischief. That mischief may be as innocent as displaying a message that reads "This Computer is Stoned," or as fatal as wiping out every file on a hard drive. There are more than 48,000 known viruses, and 1,000 or so are active.
1. A virus consists of at least two parts: the replication code, which spreads the virus, and the payload, which is the prank or destructive part. Whoever wrote the virus inserts the virus code into an otherwise harmless program. The program, with the virus inside it, is distributed through the Internet, on floppy disks, or even on commercial CD-ROMs.
2. Once you open the host program, the replication code is activated. The virus spreads copies of itself to other drives on your PC and to other PCs on the same network. Each of these child viruses becomes a parent virus and replicates even further.
3. A virus may remain dormant for months so it can spread without suspicion. It waits for a trigger, usually a specific date, to launch itself. If an infected computer boots or an infected program is launched under trigger conditions, the rest of the virus activates to deliver the payload. Typically the virus will destroy the boot record or files on your drive that have certain extensions.
4. Other viruses called worms replicate and spread with great speed. One such worm is an e-mail macro virus, such as Melissa or the Love Bug, which is distributed as an attachment to an innocent-looking message. Merely opening the message to read it activates the macro. A typical macro virus accesses your mail program's address book and sends copies of the infected message to everyone in the book. This begins a chain reaction, with each recipient perpetuating the virus. This in itself can be the macro virus's payload: jamming mail systems with so many messages that the systems are too packed to carry legitimate mail. Other macro viruses destroy files and boot records as well.
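A defender-side illustration of the address-book mass-mailing behaviour described in step 4, added here as an example rather than code from the original page: it parses constructed mail-gateway log lines (the log format is assumed) and flags any sender/subject pair that reaches many distinct recipients within a short window, which is the visible signature of the chain reaction the text describes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample mail-gateway log lines (not from any real system).
# Assumed format: "<ISO timestamp> from=<addr> to=<addr> subject=<text>"
SAMPLE_LOG = """\
2000-05-04T09:00:01 from=alice@example.com to=bob@example.com subject=Lunch?
2000-05-04T09:00:05 from=carol@example.com to=dave@example.com subject=Important Message
2000-05-04T09:00:06 from=carol@example.com to=erin@example.com subject=Important Message
2000-05-04T09:00:06 from=carol@example.com to=frank@example.com subject=Important Message
2000-05-04T09:00:07 from=carol@example.com to=grace@example.com subject=Important Message
2000-05-04T09:00:08 from=carol@example.com to=heidi@example.com subject=Important Message
2000-05-04T09:30:00 from=bob@example.com to=alice@example.com subject=Re: Lunch?
2000-05-04T10:00:00 from=erin@example.com to=carol@example.com subject=Report
"""

LINE_RE = re.compile(r"^(\S+) from=(\S+) to=(\S+) subject=(.*)$")


def parse_log(text):
    """Return a list of (timestamp, sender, recipient, subject) tuples,
    skipping malformed lines instead of aborting the whole scan."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def find_mass_mailers(events, threshold=5, window=timedelta(minutes=5)):
    """Return {(sender, subject): distinct_recipients} for every sender/subject
    pair that hit `threshold` distinct recipients inside any `window` span.
    One user mailing the same subject to their whole address book in seconds
    is the pattern a macro mass-mailer produces; normal replies do not."""
    by_key = defaultdict(list)
    for ts, sender, rcpt, subj in events:
        by_key[(sender, subj)].append((ts, rcpt))
    alerts = {}
    for key, sends in by_key.items():
        sends.sort()  # chronological so each start index opens one window
        for i, (start, _) in enumerate(sends):
            seen = {r for t, r in sends[i:] if t - start <= window}
            if len(seen) >= threshold:
                alerts[key] = len(seen)
                break
    return alerts
```

Tune `threshold` and `window` to the site's normal mailing-list traffic before alerting on it, since legitimate bulk senders will trip a low threshold.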
Stumbling toward protection, finding few answers
By Martin Goslar, Ph.D., Special to ZDNet

The cyber-security field is booming right now. New vendors are budding in what had been a wide-open field offering little growth. Burgeoning revenue opportunities have enticed old timers like Network Associates and Symantec Corporation to broaden their cyber-security offerings.
With the spate of online breaches and cracker escapades widely publicised in the media, all signals point to real market demand for integrated and responsive security products with expertise available to install and possibly manage them. Further light on industry's need for protection is shed by a recent poll conducted by Cutter Consortium, an information technology advisory and consulting group. The results of Cutter's survey emphasise how tenuous security investments in technology and staff really are in the corporate community.
Alarmingly, almost a third of the 134 multinational corporations surveyed reported no firewall protection and marginal internal security expertise, even for security fundamentals. While not a scientific study, the results offer additional confirmation that business is still wide open to all levels of intrusion -- from script kiddies to professional crackers who deface, deny site access, steal, or destroy.
Know thyself to evaluate others

Don't waste your time evaluating security vendors before doing a thorough internal threat and vulnerability assessment. Effective security solutions will vary depending on organisation size and industry niche. Small firms will initially need to review total security solution vendors to determine their security needs, then install integrated protection that can be easily managed internally. The good news is that these vendors are available and are focusing on small and mid-sized firms.
Mid-sized companies are often accustomed to "traditional" security products such as virus protection and firewall operations, but now need the seamless protection dictated by e-commerce transactional activity. Welcome to the world of encryption, VPN, PKI, secure transactions, privacy assurance and much more.
These firms suffer from a dual dilemma: whether to pursue a total security solution from a sole source, or take the threat and vulnerability analysis route contracted from one firm followed by reviews of security products or services from other vendors to address upcoming expansion or current vulnerabilities. In essence, the conundrum is between taking on a single solution vendor to obtain one source for problem resolution and communication (which comes with negatives such as proprietary software and services) versus obtaining best-of-breed products from various vendors (which means dealing with several sources to resolve operational or breach problems).
Enterprise-level organisations, if attempting to maintain secure infrastructures, have found that isolated point security products each require a unique product-dependent expertise that often cannot be applied across applications. This multiple expertise requirement wreaks havoc on security staff who have great difficulty maintaining disparate and proprietary security products.
Each class of organisation, due to Internet development and greater technological flexibility (eg, Internet design-based software, new operating system versions expressly incorporating cross-platform, Internet-linked functionality), now contains wide variations in security requirements. Within class, each company now represents a distinct security profile warranting a limited range of solutions to counter specific threats. Accordingly, complete solutions for every company are difficult to offer at this stage in the security market.
Vendor roadmaps and deliverables

Many successful security firms are managed by executives who gained their experience in networking or telecommunications companies. They've learned that although superior security technology is a necessity, the technology is not going to attract potential customers and revenue by itself. Marketing superiority in terms of delivery, service, and communication is as important as top technology.
Today's security solutions will become tomorrow's antiques -- this field changes that fast. Technology solutions quickly become vulnerable as new intrusion techniques are developed by Black Hats, and creative minds are continually finding new vulnerabilities that are publicised by the White Hats.
Bugtraq, one of the most productive security discussion and solution groups, testifies to this reality with 30+ messages being distributed to members daily. Cyber-protection is still in reactive mode. With this in mind, it is urgent that you review vendor candidate roadmaps as well as deliverables to assure effective protection beyond the short term. Seldom will you find roadmaps (ie, plans for future products, services, and markets) at vendor websites. It's doubtful you'll hear them from salespeople or vendor consultants. If your firm is mid-sized or larger, insist on discussing future product/service plans with the vendor's director of product development or marketing.
In the event that you are stonewalled or are denied access to this information or management level, you've just received a message that deliverables are based on present customers' needs. At best, the vendor may have developed deliverables that meet average requirements of targeted markets -- and these will not necessarily satisfy your firm's security requirements.
Website spin at 50,000 feet

Assuming your company has a website in some stage of development, you are aware that layout and content are extremely important factors in luring customers. Website "wordsmithing," image management, and content spin are all communication tools the marketing department applies to pique buyer interest into a sales lead.
Due to the complexities inherent in security technology and the wide variation in product characteristics and features, clear communication is a nightmare. The result: slick copy that leaves you thinking, "Huh? What does that mean?"
Here are a few actual examples of meaningless product/service descriptions you might find on a security site: "security solutions provide essential protection beyond the firewall, safeguarding all mission-critical resources, from the browser to the mainframe. Perfect for any size organisation"; "delivers the security solutions required for optimum business asset protection"; "utilises an array of best-of-breed security products in its solutions, carriers may bring together and leverage the unique features of various security products to deliver the best security services"; "provides a drop-in solution enabling you to protect your e-business transactions transparently"; "give[s] you peace of mind, ensuring that your connection will remain solid".
Of course I'm taking these examples out of context, but you get the idea. Many of the details you would need in order to make a product, service, or technology comparison are missing. Even worse, proprietary security technologies often create an all or nothing environment -- either love it, or leave it and start over with other vendor(s).
Protection acquisition techniques

In order for your firm to make informed security vendor selection decisions, consider taking the following actions.
1. Develop, as a minimum, risk, threat, and vulnerability assessments of your firm's network infrastructure.
2. Prepare a security feature requirements list, derived from #1, to establish a baseline security request for proposal.
3. Review websites for product and services offerings. Follow up with salespeople and technical reps to gather details for site visit invitations, or for teleconferences if your firm is a small business. Vague responses warrant contact with higher administrative or technical levels.
4. Ask for copies of all agreements needed to consummate purchase or subscription initiation, and have an attorney review them with you.
5. Understand the operational security procedures associated with products or services. Revelations made after purchase/subscription are painful.
6. Don't rely on a "black box" mentality (ie, you don't know what it does but hopefully someone does).
7. Work closely with the security vendor during the installation and initial operation process. Expect clear and effective answers to your questions.
Obviously, small firms have less impact on security vendors' bottom lines, but they have similar survival threats as large firms do in the event of catastrophic cyber-attacks. Mid-sized and larger firms have far greater negotiation power in today's security market.
While still a frontier sector with widely varying alternatives, cyber-security is now mandatory for survival. Slick sites and fast reps won't help when your online defenses crumble. Take the time to make the most informed and appropriate security decisions for your organisation.