©workingarts.com
2002

January 2002 Information Security Article

Information Security in plain English by Frederic Martin.

The confetti, champagne and mistletoe are all gone, and we're off to the third year of this new millennium (can you believe it?!). 2002 is going to be yet another record year for information security incidents and alerts. The Computer Emergency Response Team, based out of Carnegie Mellon University, has been documenting security incidents and sending alerts to anyone who cares to receive them (www.cert.org) since 1988. Incidents may concern a single computer system or millions of computer systems, whereas alerts are genuine warnings that something serious is going on and that everyone on the CERT's mailing list should know about it. The trend is somewhat alarming: the number of incidents has more than doubled every year since 1998, with a count of 3,734 that year. In 2001, 52,658 were reported. If the trend continues, and there is no indication that it won't, there will be well over 120,000 security incidents in 2002! That's more than all the combined alerts generated since 1988 (100,369 exact count).

Now, let's not panic just yet… Many of those incidents concern specific products and architectures, some of which are installed in very few places, and should not concern the average small or medium-size company, or home computer users. One should also underscore that as computer systems have exponentially multiplied worldwide, so have computer-related incidents. In fact, the worst year was 1996, when 56 security alerts were released. In 2001, 41 were generated, up from 26 in 2000. Not all alerts should alarm home users, but a few of them do concern almost anyone with a PC connected to the Internet, via dial-up or otherwise; most of them deal with easily spread viruses (worms, Trojan horses, etc.) or security flaws discovered in popular software. Recent discoveries, during the last quarter of 2001, include an alarming vulnerability in Microsoft's recently released Windows XP Operating System, security flaws in Microsoft's Internet Explorer, AOL's Instant Messenger, etc.

Should you panic? Not if you stay informed: all you need to do is have someone in your organization set up an email account to receive security alerts and act upon the critical ones. Remember, most of the alerts are obscure and irrelevant to the average home computing environment, so you should only cry wolf on the ones that matter most. Another efficient way of filtering and dealing with meaningful alerts is to log on to www.workingarts.com and register for workingarts' free security alert service. Since the tragic events of September 11, workingarts Marketing, a Madera-based company, has been filtering out relevant alerts, rewriting them in plain English (along with the original text for those of you who like techno babble) and distributing them to an ever-increasing list of eager recipients.

To make sense of security concepts, this year I will publish a monthly column that will go over information security concepts and news, and will also provide monthly tips and recommendations. This month, we'll discuss antivirus technologies. First of all, let's clear up a few definitions:

o A virus is a generic name for malicious code, a file that is designed to copy itself, and sometimes do other things, like display strange messages or delete everything on your hard drive.

o A Trojan horse is an unsuspected program that does something more than the user was expecting, but that doesn't replicate itself, relying instead on the user to pass it on. This malicious program is concealed inside a harmless-looking package, like a game or joke program.

o A Worm is a self-replicating, self-contained type of Trojan horse. Once installed, it corrupts certain program files to pass its package on as part of the program's normal operation, e.g. by trying to e-mail itself to all entries in one's address book.

Most of the high visibility viruses in 2001 were worms. A good example was Code Red, discovered on July 17, 2001, which infected over 300,000 computers and cost $2.3 billion to clean up(1). By comparison, the Love virus, in early 2000, cost $960 million to clean up, but had the hidden cost of $7.7 billion in lost productivity. The Internet helps spread viruses, but it also spreads their antidotes, usually within hours after the problem is discovered. There are about 50,000 viruses in the world (most of them in labs) and about 200 new viruses are discovered every month.


There are two basic antivirus technologies out there and two basic deployment architectures of those technologies. The most popular technology is analogous to real-world virus antidotes, in that it uses signatures that are specific to the virus and provides inoculated computers with code that can easily detect the virus by checking against its constantly updated list of signatures. The other approach is heuristic: software constantly monitors the computer and looks for virus-like behavior. The signature-based solution is reliable, but only after the virus has been discovered and the signature updated on the user's computer (a reactive solution), whereas the heuristic approach is proactive and may help detect and remove the infection on the unlucky computers initially attacked by new viruses. The second approach, however proactive it may be, can lead to annoying false alarms.
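
The trade-off between the two technologies, as an added example that is not part of the original column: a toy scanner run over four constructed, harmless samples, before and after a signature update. The sample names, signature strings, behavior labels, weights and threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    name: str
    content: bytes      # what a signature scanner inspects
    behaviors: tuple    # what a behavior monitor observes at run time

# Assumed weights for "virus-like behavior"; real products tune these.
SUSPICIOUS = {"reads_address_book": 2, "sends_bulk_mail": 3,
              "modifies_program_files": 3, "deletes_many_files": 3}
THRESHOLD = 5  # assumed alarm level

def signature_scan(sample, signatures):
    """Return the name of the first signature found in the content, or None."""
    for virus_name, pattern in signatures.items():
        if pattern in sample.content:
            return virus_name
    return None

def heuristic_scan(sample):
    """Raise an alarm when the summed behavior weights reach the threshold."""
    return sum(SUSPICIOUS.get(b, 0) for b in sample.behaviors) >= THRESHOLD

def evaluate(samples, signatures):
    """Map sample name -> (signature verdict, heuristic alarm)."""
    return {s.name: (signature_scan(s, signatures), heuristic_scan(s))
            for s in samples}

# Constructed samples: byte strings and behavior labels, not real malware.
SAMPLES = [
    Sample("old_worm", b"hdr|CONSTRUCTED-SIG-0001|body",
           ("reads_address_book", "sends_bulk_mail")),
    Sample("new_worm", b"hdr|CONSTRUCTED-SIG-0002|body",
           ("reads_address_book", "sends_bulk_mail", "modifies_program_files")),
    # A legitimate mailing tool that behaves like a worm: the false alarm.
    Sample("newsletter_tool", b"hdr|mail-merge|body",
           ("reads_address_book", "sends_bulk_mail")),
    Sample("text_editor", b"hdr|editor|body", ("opens_document",)),
]

SIGS_BEFORE = {"Worm.A": b"CONSTRUCTED-SIG-0001"}            # list not yet updated
SIGS_AFTER = {**SIGS_BEFORE, "Worm.B": b"CONSTRUCTED-SIG-0002"}

if __name__ == "__main__":
    for label, sigs in (("before update", SIGS_BEFORE), ("after update", SIGS_AFTER)):
        print(label)
        for name, (sig, alarm) in evaluate(SAMPLES, sigs).items():
            print(f"  {name:16} signature={sig!s:8} heuristic_alarm={alarm}")
```

Before the update only the heuristic check flags new_worm; after it both do, while newsletter_tool stays a heuristic-only alarm in both runs.
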
For companies, there are two basic antivirus deployment strategies: on every user's machine and/or on the Internet gateway (usually the firewall, another information security technology to be discussed in next month's column, or the email server). The gateway approach can filter all Internet traffic and email attachments, but it does not protect the organization from viruses introduced with infected diskettes.

Fortunately, new security products and solutions are easy to use: be vigilant, read your advisories, implement the recommended solutions(2) and have a happy and safe computing 2002.

(1): Source: Computer Economics
(2): Most antivirus checking engines (the free razor) are free and can be downloaded from leading vendors such as Symantec, McAfee, Trend Micro Devices, Command Software, Sophos, Finjan, Computer Associates, etc. Most yearly subscriptions to signature updates (the razor blades) cost about $20/year.

Frederic Martin is the President of workingarts Marketing and can be reached by email at fredo@workingarts.com



Contact information
workingarts
Telephone 559-662-1119
Fax 559-662-0865
Email getitdone@workingarts.com 
P.O. Box 1050
Madera, CA 93638-1050