[iwar] [fc:Data.on.Internet.threats.still.out.cold]

From: Fred Cohen (fc@all.net)
Date: 2002-01-21 19:11:38


Return-Path: <sentto-279987-4356-1011669076-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Mon, 21 Jan 2002 19:13:08 -0800 (PST)
Received: (qmail 20460 invoked by uid 510); 22 Jan 2002 03:11:15 -0000
Received: from n30.groups.yahoo.com (216.115.96.80) by all.net with SMTP; 22 Jan 2002 03:11:15 -0000
X-eGroups-Return: sentto-279987-4356-1011669076-fc=all.net@returns.groups.yahoo.com
Received: from [216.115.97.162] by n30.groups.yahoo.com with NNFMP; 22 Jan 2002 03:11:16 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_1_3); 22 Jan 2002 03:11:16 -0000
Received: (qmail 86819 invoked from network); 22 Jan 2002 03:11:15 -0000
Received: from unknown (216.115.97.171) by m8.grp.snv.yahoo.com with QMQP; 22 Jan 2002 03:11:15 -0000
Received: from unknown (HELO red.all.net) (12.232.72.98) by mta3.grp.snv.yahoo.com with SMTP; 22 Jan 2002 03:11:15 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g0M3BcS15225 for iwar@onelist.com; Mon, 21 Jan 2002 19:11:38 -0800
Message-Id: <200201220311.g0M3BcS15225@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Mon, 21 Jan 2002 19:11:38 -0800 (PST)
Subject: [iwar] [fc:Data.on.Internet.threats.still.out.cold]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Data on Internet threats still out cold

By Robert Lemos 
Staff Writer, CNET News.com
January 21, 2002, 4:00 AM PT

Are we winning the battle against computer viruses and security threats, or
getting swamped by an epidemic?

Although corporations and individuals are taking more measures to inoculate
against computer viruses and online vandals, security experts disagree over
whether they're stemming the tide or simply keeping heads above water in the
face of a growing number of hackers and ever more virulent code.

Assessing the situation is tough, say experts, because of the lack of
conclusive data about viruses and their effects.

"We need more data, better data and different kinds of data," said Richard
Power, editorial director for the Computer Security Institute, which
produces a yearly survey that contains some of the most often cited--and
occasionally maligned--data on security incidents.

"Having the right data would help debunk a lot of the crap out there:
predictions of an electronic Pearl Harbor and the waves of hype that follow
virus attacks like I Love You," Power said, adding that CSI's poll can't be
considered scientifically accurate.

Everyone agrees more needs to be done. Microsoft Chairman Bill Gates told
his employees on Tuesday that security, not product features, will be the
company's primary concern.

To some degree, the question of whether Internet security is improving is a
matter of perspective.

Market researcher Computer Economics estimated that the impact from such
digital threats as viruses, worms and Trojan horses dropped to $13.2 billion
in 2001 from $17.1 billion the previous year. The I Love You virus caused
the largest amount of pain--an estimated $8.75 billion--according to the
company's 2000 estimates.

Such numbers support some virus researchers' conclusion that a combination
of security measures--the digital equivalent of a drug cocktail--has helped
make the Net more secure.

"Corporations have gotten better at handling viruses," said Vincent
Gullotto, director of computer software maker Network Associates' antivirus
emergency response team. "They have an infection here and there, but (the
viruses) are not penetrating." Gullotto also said security has been helped
by a faster response to crisis situations on the part of antivirus-software
makers. 

Yet, a second opinion--and data to support it--is only a click away.

E-mail service provider MessageLabs saw the occurrence of hostile e-mail
attachments, such as worms and viruses, triple during the last year. The
U.K.-based company analyzes e-mail in real time on behalf of its customers,
filtering out potential viruses, junk mail and inappropriate content.

In the early months of 2001, only one out of every 1,053 e-mails traveling
through the company's gateways had a malicious attachment. A year later, the
frequency had jumped to one out of every 325 e-mails.

"Our data is telling us that this problem is worse, not better," said John
Harrington, director of marketing for the company's U.S. subsidiary.

A third set of data lends support to that position. The Computer Emergency
Response Team (CERT) Coordination Center at Carnegie Mellon University--a
clearinghouse for information on Internet threats--saw reports of security
incidents climb to more than 56,000 in 2001, a jump of 160 percent from the
previous year. 

Yet the group doesn't explicitly track viruses and doesn't categorize the
number of threats. 

Who's right? 

Who knows, answered Roger Thompson, technical director of malicious-code
research for security-services company TruSecure. Thompson bemoans the lack
of good scientific data.

While Thompson has a hunch things are getting better, he said the need for
data "is great. I just don't know if we are going to get much more than
we've got." 

Even Michael Erbschloe, vice president at Computer Economics and the author
of the company's estimates of the amount of damage done by viruses, admits
the numbers are, scientifically, just a few steps up the evolutionary ladder
from a guess. 

"We benchmark cleanup cost repeatedly and constantly, and we do as well as
we can to calculate the number of hits," Erbschloe said. "It's less than
perfect, but (it's) the best we can do with the resources we have."

These types of studies and estimates don't seem to take into account such
basic factors as, for example, the increase in PCs connected to the
Internet. Almost 377 million computers worldwide were connected to the Net,
and thus susceptible to attack, by the end of 2001, according to market
researcher IDC. That's up from 241 million in 1999 and is expected to reach
704 million in 2005. By those numbers, reported attacks could proportionally
stay constant but double in actual volume by 2005.

Another problem, said Power, is that many companies never mention attacks
they've suffered. And that leaves decision makers--ranging from corporate
execs to senators--listening instead to the hype in the industry.

The conflicting data and lack of guidelines leave security professionals
with only their own anecdotes to convince executives to boost security, said
Greg Shipley, chief technology officer with network protection firm
Neohapsis, 

For example, Shipley voiced incredulity at Computer Economics estimates that
pegged the I Love You virus at 14 times more damaging than the September
attack of the Nimda worm. "Nimda scared us the most," he said, adding that
the company spent days cleaning up clients' computers after Nimda. I Love
You, on the other hand, was far easier to mop up after.

"When you have to sell management on why they should be shelling out serious
bucks for security, you need hard numbers--or at least harder numbers than
we have now," Shipley said.

Rob Rosenberger, a hoax debunker and virus historian for the Virus Myths Web
site, went a step further, calling the science behind the scarce data
currently available "napkin math."

In the end, he added, while companies need more information to track the
threats and help them make budgeting decisions, security companies might not
need--or want--better data.

"It's an interesting philosophical question," he said. "It would be like
tobacco companies saying we don't even want to do tests to see if smoking is
bad." 

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Sponsored by VeriSign - The Value of Trust
Do you need to encrypt all your online transactions? Find
the perfect solution in this FREE Guide from VeriSign.
http://us.click.yahoo.com/vCuuSA/UdiDAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST