The High Cost of Malware -- Microsoft Certified Professional Magazine Online

The High Cost of Malware

Plus: Symantec releases bot killer beta; are surveys spreading spam?

By Russ Cooper
07/30/2007

Computer Economics has published a for-fee study suggesting that direct costs of malware have gone down for companies, however, actual costs due to malware may be much higher than before. Basically, the suggestion is that malware is less disruptive to corporate networks than it used to be, but, today’s malware may be looking for something other than disruption.

Nothing new here; malware authors have slipped below the radar for quite some time now. By flying under the radar, their bots are kept under their control longer. That, in itself, means more profit for the criminals. However, the report seems to speculate on the methods used for stealing corporate intellectual property, or how passwords are gathered and then used for other purposes. While this certainly does happen, I’m not convinced it happens as often as others might think. If you consider how long it might take to examine even a single machine to find its pearls, you’ll realize that doing this on a large scale is time intensive.

No Bots Allowed
Symantec has released beta software for a product they're calling Norton Antibot. The tool is intended to continuously monitor your PC for changes -- presumably, when you’re not otherwise active -- to determine whether a bot herder is downloading new code or instructions to your machine.

Depending on how Norton Antibot is implemented, the tool could simply monitor for activity when you’re not present and then quarantine applications that invoke such activity. This may assist Symantec in finding previously unseen versions of bots.

Surveys=Spam?
A short article discussing the seemingly self-serving vendor surveys that often are published. Vendors think they’re valuable, consumers think vendors wouldn’t dare publish false statistics and analysts think it all depends on how the survey is conducted.

Want More Security?

This column was originally published in our weekly Security Watch newsletter. To subscribe, click here.

What anti-virus company would publish a survey that said that anti-virus products were ineffective? Not to say that such surveys don’t exist, but nobody is going to publish a survey of their customers saying their product sucks. But equally, there’s little doubt that a vendor’s survey is often populated more with customers and people who already know their product than others. That in itself can lend considerable bias. Further, an issue can be the “top issue in their minds” only out of the list of issues offered. I agree that it’s best to be skeptical when reading survey results, and consider the source.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.