The most significant innovations in 2007 come from the bad guys continuing to find new ways to compromise desktops and install rootkits, Trojans and other bad stuff, resulting in the first million-bot network. Big AV responds with more integrated suites, but remains under siege from new entrants looking to milk the AV cash cow. For users, the best defense turns out to be a good offense as Pragmatic CSOs spend significant time and effort training users and pushing ISPs to address the damage of rampant bot activity.
I don’t know much. But I do know that in 2007, the good guys will continue to surf in the wake of the bad guys’ innovation. Whether it’s new and interesting social engineering attacks or newfound zero-day exploits in client-side applications, we’ll see more desktop carnage and mayhem.
Why? The objective of the bad guys is still monetizing owned desktops, via spam, DoS, keyloggers, Trojans and their malware ilk. Hopefully we’ll be able to react faster this year, but continue to expect all sorts of zero-day exploits in all sorts of products, both general computing and security-specific offerings. 2007 could be the YEAR of client-side bugs: we may not see 365 new ones, but scarily enough, we may come close. Maybe this will convince some software companies out there to finally get their act together on secure coding.
So what will be the response from Big Security? More shit in the bag. It may not be as integrated as it needs to be, but it will be in the same install package. The most fought-over real estate in computing this year will be the desktop. If the Big AV vendors lose the agent, they are cooked. So you’ll see things like rootkit detection, anti-phishing, whole-disk encryption, wireless hygiene, safe web browsing and the like added into AV suites. This is actually a good thing for users, as long as the policy and management get the needed integration as well.
But it’s still about price, and with increasingly sophisticated updating and software distribution infrastructure, the switching costs of a desktop security suite are minimal. So lots of customers will switch. And that creates downward pricing pressure on endpoint security. Though I do expect the public AV vendors to hide the pricing pressure by blurring the lines between product and services revenue. This keeps the financial analysts burning the midnight oil trying to figure out what’s going on. That’s another group I don’t envy.
And though it continues to feel fruitless, don’t give up on user education just yet. Seriously. It takes years of consistent effort to make inroads, and an educated user is still one of the best defenses out there. You can’t buy enough technology to stop all the attacks. So the user really is the last line of defense. Keep them ignorant at your own peril.