March 2008 — News


A White Hat Talks about Modern Malware

Once you've identified a gang's MO, you can create code and rules to find them wherever they happen to pop up. And all of our users have the option of becoming part of our eyes. When they install our software, they can all elect to become part of our network so they can report when they find something bad. If one of our users is just surfing, and they go to some Web site, and our software is watching and something bad tries to bite them, then it reports back to us. It doesn't tell us who they are, but it tells us where they were when something bad happened. So it becomes an Internet neighborhood watch.

Schaffhauser: When you find an exploit, do you contact the Webmaster for the site and say, 'You guys have been hacked'?

Thompson: We do. It gets kind of old, because they metaphorically blink, and their eyes glaze over and they don't tend to understand.

It's hard to know who the bad guys are, what the bad Web sites are. And it's transient. They get hacked and they get cleaned up. They get hacked and cleaned up. If you took any list of 10,000 Web sites and looked at them six weeks later, you'd probably find that only a few hundred of them are still doing bad things. But there are probably another 10,000 or 20,000 that have taken their place.

Schaffhauser: If you're running a computer in a school, what are the chances those computers are infected?

Thompson: Pretty good. Schools are incredibly vulnerable, because they're usually pretty poorly defended. People do their best, but it's probably some teacher's slapped-on job to keep it defended.

Schaffhauser: What's the remedy? Where do I as a school technical coordinator start in to evaluate the state of my computers?

Thompson: It's very difficult. I don't know that there's an easy answer to that. I think you've got to understand that functionality and security have this inverse relationship. You've got to try to balance everybody's needs and desires to do whatever the heck they like on the Internet. Schools--particularly colleges--tend to dislike rules and limits. So it's a tough job.

Good security is all about getting as many layers in place as you can. Education is part of it. Cutting down the functionality as much as you can is part of it. Getting the antivirus software in place is another part. You get as many layers as you can. The idea is that whatever gets past one layer gets caught by another.

Schaffhauser: But if the bad guys do such a good job of looking innocent, what kind of education would help?

Thompson: It's very hard. Probably the best thing they can do is get the most software they can. Most software companies are prepared to work hard with any educational institution.

Schaffhauser: Would a security expert help?

Thompson: If you can find someone and put a little bit of budget together, that's probably a good idea--as another layer. The only real alternative is the Montana option. That's where you sell all your computers and move to Montana.



About the author: Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at dian@dischaffhauser.com.

Proposals for articles and tips for news stories, as well as questions and comments about this publication, should be submitted to David Nagel, executive editor, at dnagel@1105media.com.

Cite this Site

Dian Schaffhauser, "A White Hat Talks about Modern Malware," T.H.E. Journal, 3/11/2008, http://www.thejournal.com/articles/22199
