11.15.05


Computer Viruses - The New IT Arms Race

By Simon Heron

The stark reality is that network security in this Internet age is a race. This race starts every time a new virus, worm or vulnerability is discovered, and only finishes when an organization's network is either protected or compromised.

These are the only two possible outcomes; you win or you lose, there are no silver medals. IT departments around the world are finding themselves increasingly under pressure, as new viruses and worms such as Klez.h, Netsky.q, MyDoom.a, Bagle.z, Slammer, Sasser and the recent plague of Zafi.b seemingly breach networks with ease.

The "arms race" is currently being lost because most of the IT world is still relying on out-of-date technology for protection. The vast majority of anti-virus systems use "PULL" technology to obtain the latest anti-virus signatures. The simple fact is that even if network security is updated once a day like clockwork, new viruses, worms and vulnerabilities are appearing all of the time, so within just moments of that daily update the system can (and most likely will) be vulnerable once more.

There is simply no way that an IT manager, or even two or three skilled people working in an IT department, can provide this type of 24/7 update service for their organization.

Most anti-virus vendors still use this ineffective "once a day" or even "once a week" update model, despite their marketing claims of so-called "live", "active" or "automatic" updates.

There are already nearly one hundred thousand known computer viruses, and each month over a thousand new viruses, worms and "Trojans" are added to the mix.

Of course, not every one of these viruses and worms is destined to be as "successful" as Klez.h, Netsky.q, MyDoom.a, Bagle.z or the recent plague of Zafi.b; but at the moment a new virus or worm is first discovered, it is almost impossible to know for sure which will be a major problem, and which will be no more than a mere curiosity.

A variety of factors govern the success of a virus, worm or trojan.

The virus writer needs to get his or her virus to "critical mass" before the major anti-virus companies can get a virus signature out, installed on their customers' computer systems, and protecting them. To achieve this, many virus writers are turning to spamming techniques, ensuring critical mass within moments of launch. "Blended" technology is also being used to further improve the virus's or worm's chance of success. Rather than depend on just mass-mailing emails, for example, certain worms (such as variants of Netsky) may well attack users via certain open and unprotected network ports, to exploit known vulnerabilities in popular operating system software.

If a worm is able to reach critical mass quickly, and takes advantage of a widespread vulnerability, the result is often hundreds of thousands of computer systems around the world being infected in just moments.

A classic example of the speed with which viruses spread is the SQL Slammer worm. On 25th January 2003, at 05:29:36 GMT, we detected and blocked the first probe to UDP port 1434 in Korea. Within a matter of seconds, similar probes were being reported worldwide: in Japan, Thailand, Germany, Switzerland, Australia, England and Saudi Arabia. Within three minutes, we had detected and blocked probes to that port throughout the world.

This means that effectively within three minutes of its release, the worm had probed every single active Internet host, and detected and infected every single active and vulnerable server. Probe rates were as high as one probe per IP address per second in Korea and Australia.
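The kind of perimeter check that surfaces such a burst, as an added example (not code from the article or from Network Box): it scans time-ordered firewall drop records and reports the moment several distinct sources have probed UDP port 1434 within a short window. The log format, the addresses, the 60-second window and the four-source threshold are all assumptions chosen for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample firewall drops; the line format is an assumption,
# not a real product's log, and the addresses are documentation ranges.
SAMPLE_LOG = """\
2003-01-25T05:29:36Z DROP UDP 198.51.100.7:4312 -> 192.0.2.10:1434
2003-01-25T05:29:41Z DROP UDP 198.51.100.9:1050 -> 192.0.2.11:1434
2003-01-25T05:29:44Z DROP TCP 203.0.113.5:3301 -> 192.0.2.10:80
2003-01-25T05:29:52Z DROP UDP 203.0.113.20:2201 -> 192.0.2.10:1434
2003-01-25T05:30:03Z DROP UDP 203.0.113.44:1999 -> 192.0.2.12:1434
2003-01-25T05:30:10Z DROP UDP 198.51.100.7:4313 -> 192.0.2.12:1434
2003-01-25T05:34:00Z DROP UDP 198.51.100.80:1200 -> 192.0.2.10:1434
"""

def parse(line):
    """Return (timestamp, proto, src_ip, dst_port), or None if malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[4] != "->":
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        src_ip = parts[3].rsplit(":", 1)[0]
        dst_port = int(parts[5].rsplit(":", 1)[1])
    except (ValueError, IndexError):
        return None
    return ts, parts[2], src_ip, dst_port

def first_burst(log, port=1434, window_s=60, min_sources=4):
    """Time at which >= min_sources distinct sources have probed UDP `port`
    inside the trailing window, or None. Assumes the log is time-ordered."""
    recent = deque()  # (timestamp, src_ip) of probes still inside the window
    for line in log.splitlines():
        rec = parse(line)
        if rec is None or rec[1] != "UDP" or rec[3] != port:
            continue
        ts, _, src, _ = rec
        recent.append((ts, src))
        # Expire probes that have aged out of the window.
        while ts - recent[0][0] > timedelta(seconds=window_s):
            recent.popleft()
        if len({s for _, s in recent}) >= min_sources:
            return ts
    return None
```

Counting distinct sources rather than raw packets keeps one noisy host from tripping the alert, and the expiry step means the late, isolated probe in the sample never raises the count again.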

If you are connected to the Internet, you are at risk, pure and simple. And if you think that having a firewall and an anti-virus program installed is enough to protect you, then you need to think again - and fast.

The speed of the Internet has made "friction of distance" evaporate.

In the face of the onslaught from malware, protection needs to move with the times. Firstly, networks require blended protection, which includes firewall, VPN (Virtual Private Networking), IDP (Intrusion Detection and Prevention), anti-virus, anti-SPAM, content filtering and company policy management; just having parts of the jigsaw is not enough. Secondly, these systems need to work seamlessly, with zero-latency between the intrusion detection and the firewall. Thirdly, all of these systems need to be updated in real-time, using state-of-the-art PUSH technology, not the PULL technology of yesteryear.

Last but not least, systems need to include the latest heuristic technology, and not rely too heavily on pattern recognition alone, as we see more and more zero-day, high-speed attacks across the Internet. A high-quality anti-virus heuristic engine, such as the one from Kaspersky, can actually block up to 92% of known viruses, even without having any signatures installed.


About the Author:
Simon Heron, technical director at Network Box (www.network-box.co.uk)
