At the RSA Conference in San Francisco last week, I got the chance to sit down with Stephen Cobb, a distinguished security researcher for the IT security company ESET. We talked about a lot of things, including Android security issues and how walled gardens have their uses.
It was a great conversation, touching on a wide variety of fascinating aspects of online and mobile security, and I wanted to share as many of them as possible.
This list seemed like the best way to do that. And while not every one of the dirty-dozen points presented here may surprise you, I can pretty much guarantee that few people will already know – or agree with – everything on the list:
1. Big Data is not new to the anti-virus industry. Turns out the anti-virus companies have been doing traffic analysis, incident sharing and code sharing for decades, Cobb claims. They just didn’t call it Big Data until the term become fashionable.
2. Anti-virus companies have been practicing co-opetition since the 1980s, when they realized there was no percentage in one company being able to stop one virus while you needed another company to stop a different virus. They quietly began sharing virus signatures and other information, Cobb says.
3. All the major Web browsers share information on malware sites and other threats. Chrome, Internet Explorer, Firefox and the others all share which URLs to flag, for example. That’s why when NBC.com was hacked recently and started spewing malware, everybody was able to block it almost immediately.
4. One of the hardest parts of securing Big Data is knowing where the data is actually stored. In the old days, when data was collected and stored, it didn’t really move much. Now, in the cloud, Cobbs says we don’t really know where data is stored. Malware creators are intent on exploiting that, but what form that will take remains to be seen.
5. One reason more high-value targets haven’t been hacked is that there is still so much low-hanging fruit for the bad guys to go after. According to Cobb, so far, there hasn’t been much need to try and crack the hardest targets.
6. Most attacks take the form of malware or hacking. Of the hacking attacks, Cobb says, 80% go after passwords that are either non-existent, guessed or stolen.
7. Anti-virus hasn’t been about matching virus signatures for years. Some people say the anti-virus model doesn’t work because so much new malware is coming out all the time that anti-virus solutions can’t possibly keep up. But Cobb protests that most anti-virus software is continually detecting previously unseen malware.
8. People who know what they’re doing on the Internet might be able to get by with no anti-virus software. But Cobb says people are fooling themselves when they claim: « I don’t run anti-virus software and I’ve never been hacked. » « Are you really OK telling everyone you know – your mom, for instance – not to run anti-virus software? » he asks.
9. There’s still an incredible amount of spam out there. You don’t see it, but it’s still there. It’s using a a huge amount of datacenter power to block it, but it’s built into the network security appliance and you don’t have to deal with it.
10. The overall trend is for increasing levels of security to be compressed into the core, to become part of a standard install. That’s happened to anti-spam, to firewalls and it’s happening to anti-virus, too.
11. It’s a lot harder to write 64-bit malware than it is to write 32-bit malware. And that could help lower the number of attacks on 64-bit systems.
12. In many ways, hacking behavior seems to have gotten better over the years – at least in the United States, Cobb says. But we are now increasingly exposed to other, more dangerous places. The globalization of the Net has caught up with us even as the value of hacking has one way up. Today, hackers aren’t just messing with us, Cobb notes, they’re stealing from us. And that’s a big new incentive.