At the RSA Conference in San Francisco last week, I got the chance to
sit down with Stephen Cobb, a distinguished security researcher for the
IT security company ESET. We talked about a lot of things, including
Android security issues and how walled gardens have their uses.

It was a great conversation, touching on a wide variety of fascinating
aspects of online and mobile security, and I wanted to share as many of
them as possible.

This list seemed like the best way to do that. And while not every one
of the dirty-dozen points presented here may surprise you, I can pretty
much guarantee that few people will already know – or agree with –
everything on the list:

1. Big Data is not new to the anti-virus
industry. Turns out the anti-virus companies have been doing traffic
analysis, incident sharing and code sharing for decades, Cobb claims.
They just didn’t call it Big Data until the term became fashionable.
2. Anti-virus companies have been practicing co-opetition since the 1980s,
when they realized there was no percentage in one company being able to
stop one virus while you needed another company to stop a different
virus. They quietly began sharing virus signatures and other
information, Cobb says.
3. All the major Web browsers share information
on malware sites and other threats. Chrome, Internet Explorer, Firefox
and the others all share which URLs to flag, for example. That’s why
when NBC.com was hacked recently and started spewing malware, everybody
was able to block it almost immediately.
4. One of the hardest parts of securing Big Data is knowing where the
data is actually stored. In the old days, when data was collected and
stored, it didn’t really move much. Now, in the cloud, Cobb says we
don’t really know where data is stored. Malware creators are intent on
exploiting that, but what form that will take remains to be seen.
5. One reason more high-value targets haven’t been hacked is that there
is still so much low-hanging fruit for the bad guys to go after.
According to Cobb, so far, there hasn’t been much need to try and crack
the hardest targets.
6. Most attacks take the form of malware or hacking. Of the hacking
attacks, Cobb says, 80% go after passwords that are either non-existent,
guessed or stolen.
7. Anti-virus hasn’t been about matching virus signatures for years.
Some people say the anti-virus model doesn’t work because so much new
malware is coming out all the time that anti-virus solutions can’t
possibly keep up. But Cobb protests that most anti-virus software is
continually detecting previously unseen malware.
8. People who know what they’re doing on the Internet might be able to
get by with no anti-virus software. But Cobb says people are fooling
themselves when they claim: “I don’t run anti-virus software and I’ve
never been hacked.” “Are you really OK telling everyone you know – your
mom, for instance – not to run anti-virus software?” he asks.
9. There’s still an incredible amount of spam out there. You don’t see
it, but it’s still there. It takes a huge amount of datacenter power
to block it, but that’s built into the network security appliance and
you don’t have to deal with it.
10. The overall trend is for increasing levels of security to be
compressed into the core, to become part of a standard install. That’s
happened to anti-spam, to firewalls and it’s happening to anti-virus,
too.
11. It’s a lot harder to write 64-bit malware than it is to write 32-bit
malware. And that could help lower the number of attacks on 64-bit
systems.
12. In many ways, hacking behavior seems to have gotten better over the
years – at least in the United States, Cobb says. But we are now
increasingly exposed to other, more dangerous places. The globalization
of the Net has caught up with us even as the value of hacking has gone
way up. Today, hackers aren’t just messing with us, Cobb notes, they’re
stealing from us. And that’s a big new incentive.