Report Card: 2007 Incite #5 - You (Mal)ware it well

Submitted by Mike Rothman on Wed, 2007-12-26 07:54.

Continuing on with the 2007 Report Card series, the next Incite deals with endpoint security and the ever-present malware situation. It certainly seems it's getting worse, but is it still as impactful? Let's see...

Incite #5 - You (Mal)ware it well

The most significant innovations in 2007 come from the bad guys continuing to find new ways to compromise desktops and install rootkits/Trojans and other bad stuff, resulting in the first million-bot network. Big AV responds with more integrated suites, but remains under siege from new entrants looking to milk the AV cash cow. For users, the best defense turns out to be a good offense as Pragmatic CSOs spend significant time and effort training users and pushing ISPs to address the damage of rampant bot activity.


Days of Incite: http://securityincite.com/blog/mike-rothman/2007-doi-day-5-you-mal-ware-it-well
Incite Redux: http://securityincite.com/blog/mike-rothman/incite-redux-july-11-2007

Final grade: B+

During a recent speaking engagement on endpoint security, I made the point that malware is pretty much ANYTHING that I don’t want on my desktops. I don’t care if it’s a virus, a worm, a Trojan, a keylogger, or any other bad juju – it shouldn’t be on my machine and I want an integrated endpoint security platform to get rid of it.

The good news is that the vendors have responded. Whether it’s the free stuff focused on consumers, or Big Security, which upgraded its products in 2007, we are (finally) seeing the justification for those annual upgrades.

What about these new entrants? Most importantly, big Microsoft was a no-show. They made a lot of noise in the early part of the year, and then… not so much. But that’s OK, since this is part of Microsoft’s playbook. They make a big splash; realize that they have some work to do on the product, disappear for a while and then eventually come back with something that is competitive. Clearly they have disappeared for a while, but in my best Governator voice – they’ll be back.

The reason this is still a B+? The ISPs remain blissfully unaware of, and unwilling to act on, the many bots on their networks. And there has been little to no external pressure to force the issue. ISPs continue to ignore the problem, the bot masters continue to run to the bank, and millions of devices out there are just waiting to launch a massive attack on whatever is the next target of choice.

I wish there was any kind of good news on the horizon, but there isn’t. Users will continue to do stupid things, leaving themselves open to being compromised. The best that a corporate security person can do is to monitor their networks and figure out when one of their machines has been compromised. Rebuild it and contain the damage.

I always get a lot of VCs asking me what is hot in security and where they should invest their money. Unfortunately, the best growth market in security is bots, but I don’t think the limited partners of the VCs would be all that enthusiastic about funding a band of criminals. Although it’s not unprecedented…

Check out the other posts in the Report Card series.