Security Watch
Malware: Is Cleaning Enough?
The only good solution to malware is a complete OS reinstall, says Microsoft.
Malicious Code
A program manager in Microsoft's security group said recently that companies
should have a mechanism for completely replacing the software on an infected
system rather than attempting to clean it. According to the malware they've
examined, much of it persists despite numerous cleaning attempts, making complete
re-installation the only effective method of restoring a PC to its original
state.
Well, let's be honest: This is nothing new. Once a system has been compromised,
it is, and always has been, extremely difficult to determine all of the components
the malware has installed. It becomes even harder the longer the malware has
been in place, due to the nature of today's bots, which often contain
automatic updating or add-in mechanisms.
The question now becomes whether or not you can trust your AV program's
report on whether it can remove the malware it has discovered. The safest bet
is no, but in reality it greatly depends on the malware that's been found.
AV companies are good at determining what all a particular variant may do to
a given victim, and usually state it in their descriptions. Problems arise,
however, when they apply a generic description to a variant they identify but
haven't previously seen firsthand.
In the end, you need to decide for yourself on a case-by-case basis. Regardless,
it's time to dust off your old back-up policies and make sure you have
a way to do a complete restore on any machine in your network.
Human Factors
The U.S. Department of Justice (DoJ) reported that 3.1 percent of households
in the United States suffered some form of identity theft during a six-month
period in 2004. Identity theft was qualified by unauthorized use or attempted
use of an existing credit card, other existing accounts such as a checking account,
or misuse of personal information to obtain new accounts or loans, or to commit
other crimes.
Almost half of all reported identity thefts were abuses of existing credit
cards, with more than half of the remaining thefts occurring due to abuse of
other existing accounts. Misuse of personal information, which I personally
consider closer to the true definition of identity theft, occurred in only 15
percent of the victimized households, or 0.5 percent of all U.S. households.
Not surprisingly, the most likely victims were in the 18 to 24 age range, made
$75,000 or more and lived in urban areas. Conversely, only 30 percent of victims
noticed missing money or unfamiliar charges, and less than 25 percent were contacted
by a credit bureau. This suggests that the criminals were either trying to stay
under the radar, or were unaware of the extent to which their victims could
have been robbed.
Read the DoJ's report here
(PDF).
According to a recent Wall
Street Journal story (WSJ.com ID required to read), corporate
concerns over the impact of emerging Internet technologies, including security,
may limit their adoption.
The story focuses on instant messaging, third-party Web-based e-mail and Skype.
While fear of the overuse, or abuse, of bandwidth is mentioned as a concern,
the primary motivation behind corporations' lack of adoption is previous
security breach experiences with these technologies, such as worms via IM. Skype
is noted due to the inability to determine what is being carried, leading to
potential issues with regulators.
Nothing really new in this story -- it merely restates the obvious problems
and concerns that corporations have faced all along. It is interesting to note
that in response to the criticism, some of the vendors made it seem that they
believe corporations are confused over their products instead of being focused
on legitimate issues. Not really putting a best foot forward in an attempt of
quelling concerns.
Want
More Security? |
This
column was originally published in our weekly Security Watch
newsletter. To subscribe, click here. |
|
|
Governance
Verizon had a class
action suit brought against it by customers who were annoyed in 2004
after Verizon implemented a massive blocklist to prevent spam. That blocklist
was so broad that it effectively stopped their customers from receiving e-mail
from certain countries -- and in some cases, regions. Verizon settled the case,
giving affected DSL customers who apply a one-time payout of $49 for their inconvenience.
While there's no doubt that such a massive blocklist was overkill and, equally,
that the stated remarks Verizon support apparently gave some customers was inappropriate
("If it's really important, you should use a phone rather than e-mail."),
some protection may be necessary for ISPs who are at least attempting to stem
the tide of badness afflicting their customers. The lawyers in this class action
suit seem to be the only winners (reaping $1.4 million for their efforts).
About the Author
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.