Will Cybercrime Break the Internet?
Here are a couple of sobering quotes from The Red Tape Chronicles which recently ran a story on botnets:
Antivirus firms "may not be able to withstand the onslaught," he said at a recent computer security conference. "This is a competition where the antivirus companies, I fear, are not in a good position."
and
Another antivirus executive put it more bluntly in a private conversation. “I think we’ve failed,” said the official, speaking on condition of anonymity. Computer security firms often use hyperbole to help get attention for their products, but expressing helplessness is something new.
Is it really that bad? At the moment things look bad but I don't think it has to be that way. Here are two things we need.
First, we need to acknowledge that most of the botnets are running on compromised Windows clients. I know Vista is more secure but that may not be enough and the adoption rate of Vista will not eliminate the problem even if the operating system is sufficiently secure. Mac OS X and Linux are more secure but in time, attackers are likely to find ways to compromise those platforms as well.
The fundamental problem is we have too much computing power and communication bandwidth and too little control over either. We need to centralize computing on highly secured, well managed servers and leave users with ultra-thin clients that don't have the computing power or the functionality to become sufficiently useful bots.
Thin client applications have plenty of security problems, especially rich Internet clients. We'll also need more secure development tools than Javascript.
The second thing that is needed is more cautious use the Internet. The Red Tape Chronicles posting points out how pump-and-dump stock schemes are so profitable. A little less greed and a little more intelligence would go a long way.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
