RSA - The State of Spyware
Moderator: Mike Rothman of Security Incite
Panelists: Gerhard Eschelbeck, CTO of Webroot Software
Ira Winkler, President of Internet Security Advisors
Brian Burke, Research Manager, IDC
Alissa Cooper, Policy Analyst, Center for Democracy & Technology
I just finished listening to a panel discussion on the current state
of spyware. There were some good points and some not-so-good points.
Ira Winkler contended that spyware is the result of “dumb users.” He
couldn’t seem to get himself past that point to offer any useful
information.
It was generally agreed that black market funds are driving an arms
race that we are losing. Ira contends that ISPs have a legal
responsibility to filter blatant attack traffic on their networks. I
disagree with this on many levels; who is responsible for defining
‘blatant attacks?’ What are the consequences of non-compliance on the
users’ end? What are the consequences of noncompliance on the ISP’s
end?
The final word was that layered security is your best bet; gateway
appliances to apply a coarse filter to URLs before they hit the host,
then software on the end point to catch what gets past the appliance.
There is no quick fix, no silver bullet.
Again, no earth-shattering news here. We’ve known for some time that black market funds give these organizations sustainability and longevity. We’ve also known that layered security is the best approach to securing the network, so most organizations are already doing it (patch management to address the holes in IE, anti-spyware apps, often two, restriction of ActiveX and JavaScript, and the lot).

I would go out on a limb and say that there is absolutely zero criminal activity that is not showing the criminals out-innovating the good guys. In fact, the good guys typically wouldn’t even have to exist or evolve if they were ahead of the criminals or had them beaten. And since we’re in a technology sector, this gap will always be more pronounced. Always. We need to accept that, although that doesn’t mean we need to go defensive and drop the offense.
We can also blame the users all day long, but in the end, we can’t fix that problem. There will always be pockets of idiots…I ranted about that on my blog so I’ll spare it here.
Lastly, net neutrality is going to be a divisive topic in coming years, if not already. I really don’t think ISPs have any real interest in being the Internet policemen. There’s really no profit in it, and only lots of trouble. I just saw on the full-disclosure list someone pleading for support to leverage ISPs against child porn…but who is to determine child porn or what rules or what ports should be blocked? I’ve had ISPs that blocked my personal SMTP servers, something typical people might not care about, but they leave me looking at alternatives that don’t filter (gg MSN). How much do we erode our trust and faith in ISPs to provide access? Do we let them make ethics choices? Perhaps with small things like dropping port 25 for everyone, but once we start making rules that detect botnets and shun those networks, we open up all sorts of problems, unfairness, false positives, or even malicious people tripping the alarms on purpose to cause problems.
I know it’s a slippery slope argument, but it is still a scary thought to make ISPs be the police of the net. I think that can only really happen if the government steps in and manages the infrastructure, which will never happen in a larger democratic/capitalist country.
By LonerVamp on 02.07.07 10:04 am