The increasing number and sophistication of computer attacks requires that companies, businesspeople and consumers rethink their strategies for dealing with worms and other exploits, Thompson said during a keynote speech at Comdex here on Wednesday. The focus of security measures needs to shift from cleaning up after a problem to anticipating potential problems, he said, with automated patch management and better coordination of software and hardware.
"Security needs to move beyond its niche focus," he said. "We need more integrated security technologies."
Otherwise, it will be impossible to keep up, Thompson claimed.
"More than 100 new viruses are identified every week and 60 new software (problems) every week," he said. "We saw a 19 percent increase in attack activity in the first half" of 2003.
Nastier types of bugs are also being developed all the time, he noted. In the relatively near future, the world will likely see the debut of damaging threats that the industry is calling "Warhol" attacks, as they are likely to achieve fame by spreading across the Internet in 15 minutes. "Flash" threats might be able to blanket the Internet in 30 seconds.
"Day Zero" threats, which exploit previously unknown vulnerabilities, will hit without warning, the Symantec CEO added.
To further complicate things, the rise in attacks will occur in tandem with a growing need to simplify technology, he said. In Boston, for example, the Internet Home Alliance, a trade group dedicated to promoting the connected home, is running a pilot scheme that has 20 families living in fully Internet-enabled homes and reporting about their experiences. Such Web-connected appliances will have to be properly protected against hacker attacks.
"There may come a point where users look at technology as more of a liability," Thompson said, adding that the modern version of hell just might involve being "condemned to set up a home Wi-Fi network linking a number of PCs with a badly written manual and technology support putting you on hold for eternity."
That security problems remain rife doesn't mean the topic isn't being taken seriously by the industry and its customers. The U.S. government is providing US$30 million to the federal Cyber Corps Scholarship-for Service program, to encourage college students to go into the security technology field. In the program, students are given scholarships, but then have to work for the government for a limited time after graduation.
Corporations are also taking action to stem attacks, such as creating more homogeneous computing environments or taking part in initiatives like the Network Admissions Control program to ban insecure mobile devices from corporate networks, announced Tuesday by Cisco Systems.
Thompson stated that a shift to Linux from Microsoft wouldn't be a sure way to avoid the kind of recent suffering caused by viruses that exploited holes in Microsoft code.
"If and when the Linux target set gets as rich as Microsoft's, I believe you will find more vulnerabilities than you do today."
Spam--for a fee
In his keynote, Thompson largely showed the confidence of someone who has delivered a lot of speeches, but he did show some fire when the follow-on discussion came to spam, or unsolicited junk e-mail. He hates the stuff--more specifically, he hates that network providers don't stop it.
The problem, he maintained, could be solved if carriers charged spammers for sending hundreds of thousands of e-mails, or simply stopped carrying traffic from sites spouting a huge amount of e-mail.
"If you are going to send all of this crap over my network, damn right, you should pay for it," he said during a question-and-answer session after his speech. At least with junk mail, "you know someone had to put it together and send it."
Legislation won't be the answer, according to Thompson. "I don't think it is enforceable. How does the U.S. enforce spam? How does Virginia stop spam? It is illogical," he said.
Internet-enabled homes need to be protected from hackers? Well, I suppose I could survive someone reprogramming the icemaker in the fridge, or hacking into the oven controls and overcooking my roast. But what a godsend to people who hate ironing: "Sorry boss, but I couldn't press my shirt this morning; my iron had a virus."
It seems the people who make the most noise about computer security are the same ones who offer the most expensive solutions.