Wednesday, November 30, 2005

TECH | Losing the virus war?

When a leading figure in the anti-virus business speaks honestly about the status of the war against computer viruses, it's worth listening!

Eugene Kaspersky, who heads the Russian anti-virus company Kaspersky Lab, has been honest enough to say that anti-virus (AV) vendors are having trouble keeping pace in the race with virus-writers.

For most of us, that statement rings true as we've been hit by virus-infested spam emails before our AV software automatically provides an update to block them. After all, the antidote can only be produced after the pandemic begins.

Still, it seems like things are getting out of hand. And Kaspersky goes on to paint a clear, even if somewhat depressing picture, when he says that virus authors take advantage of the fact that AV software depends on frequent virus-definition updates to spot the latest malware. By the time those products are updated to detect the latest threat, the virus writers have already released several newer versions that evade the latest AV signatures.

So, obviously, virus creators are beating the 'update cycle', and are actually hitting AV software with a juggernaut of mutated virus versions which leave AV companies confused. The result has been AV software that simply doesn't work!
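As an added illustration of the update-cycle problem the column describes (this is example code written for this page, not Kaspersky Lab's or any vendor's detection logic), the following Python compares two styles of virus definition against constructed byte strings that stand in for an original sample and two lightly mutated releases of it. The sample contents, the definition names and the normalisation rule are all invented for the example.

```python
import hashlib
import re
from typing import Callable, Dict, List, Optional

# Constructed stand-ins for a malicious file and two "mutated" releases of it.
# These are plain byte strings invented for this example, not real malware.
ORIGINAL_SAMPLE = b"HDR\x01\x02 init; load_module(core); phone_home(); unpack(stage2); END"
VARIANT_A = ORIGINAL_SAMPLE.replace(b"phone_home()", b"phone_home( )")  # cosmetic whitespace change
VARIANT_B = b"HDR\x01\x03 init; load_module(core); /*junk*/ phone_home(); unpack(stage2); END"  # new version byte, inserted comment
SAMPLES: List[bytes] = [ORIGINAL_SAMPLE, VARIANT_A, VARIANT_B]


def sha256_signature(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Definition style 1: a hash of the exact file. It matches only the sample it was built from,
# so every mutated release needs a fresh definition (the update cycle the column describes).
HASH_DEFINITIONS: Dict[str, str] = {sha256_signature(ORIGINAL_SAMPLE): "Constructed.Sample.A"}


def detect_by_hash(data: bytes) -> Optional[str]:
    return HASH_DEFINITIONS.get(sha256_signature(data))


# Definition style 2: a pattern over the part of the logic that stays stable across cosmetic edits.
def normalise(data: bytes) -> bytes:
    """Strip block comments and whitespace so trivial edits do not change the text matched."""
    data = re.sub(rb"/\*.*?\*/", b"", data)
    return re.sub(rb"\s+", b"", data)


PATTERN_DEFINITIONS: Dict[bytes, str] = {
    b"load_module(core);phone_home();unpack(stage2);": "Constructed.Sample.Family",
}


def detect_by_pattern(data: bytes) -> Optional[str]:
    normalised = normalise(data)
    for pattern, name in PATTERN_DEFINITIONS.items():
        if pattern in normalised:
            return name
    return None


def detection_coverage(detector: Callable[[bytes], Optional[str]], samples: List[bytes]) -> int:
    """How many of the circulating samples a given definition set catches."""
    return sum(1 for sample in samples if detector(sample) is not None)


if __name__ == "__main__":
    for label, detector in (("hash", detect_by_hash), ("pattern", detect_by_pattern)):
        print(f"{label} definitions catch {detection_coverage(detector, SAMPLES)} of {len(SAMPLES)} samples")
```

The hash definition catches only the exact file it was built from, which is why each mutated release forces another update; the pattern definition survives the whitespace and comment changes, but a variant that reorders or rewrites the logic would slip past it as well. The race the column describes does not disappear; it moves to how robust the definitions are against the next round of mutations.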

How many times have you updated your AV software only to find out that it let a particular virus slip into your system, although the AV company claims to have updated its software to catch it?

Kaspersky talks about that too and explains that malicious programs propagate so quickly that AV companies have to release updates as quickly as possible to minimize the amount of time that users will potentially be at risk. Unfortunately, many AV companies are unable to do this - users often receive updates once they are already infected.

Moving onto the next painful fact, Kaspersky also says that AV software, even when updated, doesn't always cure a computer's infection.

He says that, very often, viruses and Trojans are written in a way which enables them to hide their presence in the system and/or to penetrate the system so deeply that deleting them is a complex task. Unfortunately, some AV programs are unable to delete malicious code and restore data which has been modified by the virus without causing further problems.

That's not good news at all! In fact, it casts a shadow of doubt on the confidence of users in AV software. I know I've faced all of the problems he's talked about, haven't you?

So, what's the solution? Kaspersky thinks it lies in more coordination among AV companies to share their knowledge and ensure that whoever spots a virus first, or manages to cure it, shares this information. It's not likely to happen, though, as AV software companies compete with one another in a cut-throat and high-profit market. Maybe it's time they cooperated for the greater good.

Maybe we users have something to say in this regard; or maybe some active programmers in the open-source community can create AV software that is built and updated with that cooperative mentality, with thousands of experts pitching in to solve every problem.

If and when that happens, AV companies will regret prioritizing short-term profits ahead of long-term stability of their business.

Wednesday, November 23, 2005

TECH | Every application you use is insecure!

Security continues to be a hot topic, as critical computer networks suffer vulnerabilities and hacking.

The national security of countries is at stake when their mission-critical systems can be tampered with or penetrated.

Accordingly, detecting vulnerabilities before they are exploited, and tackling them, has become standard practice. One of the recognized authorities in this field is the US National Infrastructure Protection Center (NIPC), which cooperates with the SANS Institute to determine the most critical security vulnerabilities.

A few years ago, these two bodies put together a list of ten vulnerabilities, but now they've come up with a list of twenty and it doesn't make comfortable reading!

The list includes every piece of software you are likely to be using at the moment!

Starting with the predictable, and well documented, flaws in Windows XP, the list goes on to name Internet Explorer, Windows Libraries, Office and Outlook Express.

And that's only Microsoft's massive contribution to the problem. Apparently, almost every piece of commercially available software from other vendors is vulnerable too!

The report calls them 'Cross-Platform Applications' meaning this is something that Linux, Unix and Mac OS users should also look out for.

The list mentions Backup Software, Anti-Virus software (yes, this one is particularly surprising), PHP-based Applications, Database software, File-Sharing applications (of course, how else would malware spread?), DNS Software, Media Players, Instant Messaging Applications, Mozilla and Firefox browsers (answering the security claims of fans of these browsers) and more!

Thousands of private and government organizations worldwide will take a look at this list, and throw their computer systems out of the window! How could they possibly secure their systems when every piece of desktop software in use is vulnerable?

Looking at this list in a level-headed way, what it basically means is that users must exercise caution when using applications, and patch security holes and vulnerabilities consistently, while upgrading their software in accordance with every security update announced.

However, it should be understood that it's not likely that hackers, virus creators and cyber-criminals will stop at any level of security you apply, as they'll always try to penetrate the latest security updates. Regrettably, as recent history shows, they're quite capable of that.

What’s a user to do? At the moment, you can only hope that companies like Microsoft are on top of developments, and if and when a big virus or hack-attack occurs, you’re not in the first wave of PCs hit. If you’re still around when the patch or security procedure is announced, you and your PC will be fine. The term ‘living on the edge’ takes on a whole new meaning!

zeid@maktoob.com

(Published in The Star)

Wednesday, November 16, 2005

DIGILIFE | Terror in the 'digital domain'

As our nation responds to the bombings that rocked Amman's hotels last week, and as we begin a new phase of heightened security, there are calls to secure the 'digital domain' which is being used by terrorists all over the world.

In the past, terror organizations would announce their responsibility for a bombing through an anonymous phone call. Today, they do so through their websites, which have become meeting areas for like-minded terrorists and sympathizers.

Utilizing the advanced media streaming technologies of the Internet, these websites even include videos of their activities. Who will forget the recordings of beheadings of captives that shocked the world last year, which were made available through websites of these groups?

These people are using the Internet as their only means of communication, with websites that promote their ideals and help them get new recruits. International cooperation and intelligence is obviously required to secure and monitor the digital domain.

There are other, rising concerns driven by the Internet's open-for-all information.

Any terrorist seeking to build a bomb, of any size, can find blue-prints and a guide to do so on the Internet. Sometimes they get the information from purely scientific sites, or hobbyist do-it-yourself sites.

Such information and such sites must adopt limited access rights. Even then it would be possible for information to get into the wrong hands, but now it's ridiculously and unacceptably easy.

The real scare that is starting to emerge is regarding terrorists gaining information on bio-terror through the Internet. Scientific and medical websites that explain the molecular breakdown of killer viruses could be accessed by anyone. With the expertise and facilities to reproduce these viruses, you can imagine the wide-scale danger of this situation.

Recently, as medical minds across the world work together to create a bird flu vaccine, virus structures (including that of the 1918 Spanish flu) have been mapped and revealed across the Internet to enable scientists all over the world to use them in vaccine development. These could also fall into hands of capable people with other motives.

Back to the more immediate and primary uses of the Internet, which facilitates communications among members of these groups worldwide, an Internet surveillance strategy has got to be part of any new security procedures put in place.

As His Majesty the King said, Jordan will not become a police-state, but we will raise the levels of security. Policing the Internet does not mean limiting freedoms, but it does mean monitoring it for signs of danger, cracking down on terror websites and the groups behind them, ensuring that the scientific information put out on the web is done so with limited access rights and generally remembering that in the digital age, the danger could begin on cyberspace. It's got to be part of our future plans.

As we unite to denounce the actions of these terror groups, let's also be vigilant on the Internet, keeping an eye open for subversive and suspicious activities. It's the least we, the Internet community, can do.

(Published in The Star)

Sunday, November 13, 2005

DIGILIFE | You blog, they Splog!

As part of the Internet revolution, new terms are emerging fast. The one that caught my eye recently, and which describes a problem that my fellow bloggers and I have been facing, is 'splogging'. Simply put, it refers to mass postings on blogs by spammers.

The fusion of the words spam and blog creates 'splog', and it's been a serious problem since the beginning of this year, reaching epic proportions in the past couple of months and especially hitting the Google-owned service, Blogger, the one with blogspot.com addresses.

From personal experience, I can tell you that of the 20 or so comments I get on my articles posted on my blog, fifteen are such spam. It's either someone trying to sell me medicine, real estate, training, gambling services or, as you would expect, pornography!

In the past few weeks, it's gotten out of hand, with Sploggers taking it further and actually mass-producing blog sites and putting a huge load on blogging servers.

The most recent attack uses automated tools, or 'bots' as they are commonly referred to, to manipulate Blogspot service and create thousands of fake blogs loaded with links to specific Web sites selling some of the products and services mentioned before.

What this 'bot' did was create large search results and boost traffic to those sites by fooling the search-engine spiders that crawl the Web looking for commonly linked-to destinations. The counterfeit blogs, numbering in the tens of thousands, also triggered thousands of RSS feeds and email notifications, swamping RSS readers and inboxes.
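To make concrete what separates the spam comments described earlier (fifteen of twenty, selling medicine, gambling and the like) and the mass-posted link farms described here from ordinary reader discussion, the following Python scores comments on the traits those passages mention. This is an added example written for this page, not a filter used by Blogger or any other service; the comments, the spam vocabulary, the scoring weights and the threshold are all constructed for illustration, and the domains use the reserved .example TLD so nothing points at a live site.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample comments for illustration (not real blog data).
COMMENTS: List[Dict[str, str]] = [
    {"id": "c1", "post": "av-war", "body": "Great column. I had the same update problem last week."},
    {"id": "c2", "post": "av-war", "body": "Cheap meds here: http://pills.example/buy http://pills.example/deal http://casino.example/play"},
    {"id": "c3", "post": "splog", "body": "Cheap meds here: http://pills.example/buy http://pills.example/deal http://casino.example/play"},
    {"id": "c4", "post": "terror", "body": "Cheap meds here: http://pills.example/buy http://pills.example/deal http://casino.example/play"},
    {"id": "c5", "post": "splog", "body": "Related discussion here: http://blog.example/post-on-splogs"},
]

URL_RE = re.compile(r"https?://\S+")
# Illustrative vocabulary drawn from the kinds of offers the column mentions (constructed list).
SPAM_TERMS = ("cheap", "meds", "casino", "gambling", "real estate")
SPAM_THRESHOLD = 4  # constructed cut-off for this example


def body_frequency(comments: List[Dict[str, str]]) -> Counter:
    """Count how many times each exact body text appears across all posts."""
    return Counter(c["body"] for c in comments)


def score_comment(comment: Dict[str, str], freq: Counter) -> int:
    body = comment["body"]
    urls = URL_RE.findall(body)
    # Words left once the links are removed: spam carries links, not conversation.
    words = re.findall(r"[A-Za-z']+", URL_RE.sub("", body))
    score = 0
    # Several outbound links in one comment is the classic link-farm shape.
    if len(urls) >= 3:
        score += 2
    elif len(urls) == 2:
        score += 1
    # At least as many links as words: the comment exists to carry the links.
    if urls and len(urls) >= len(words):
        score += 1
    lowered = body.lower()
    score += sum(1 for term in SPAM_TERMS if term in lowered)
    # The identical body dropped on three or more posts is the mass-posting pattern.
    if freq[body] >= 3:
        score += 2
    return score


def classify(comments: List[Dict[str, str]]) -> Dict[str, str]:
    """Label each comment 'spam' or 'ok' by comparing its score with the threshold."""
    freq = body_frequency(comments)
    return {
        c["id"]: ("spam" if score_comment(c, freq) >= SPAM_THRESHOLD else "ok")
        for c in comments
    }


if __name__ == "__main__":
    freq = body_frequency(COMMENTS)
    for c in COMMENTS:
        print(c["id"], score_comment(c, freq), classify(COMMENTS)[c["id"]])
```

The single-link comment (c5) scores zero even though it carries a URL, because one link surrounded by ordinary words looks like a reader pointing at related discussion; the three copies of the link-heavy sales pitch score highly on every trait at once. A real filter would add rate limits and a challenge on posting, which is exactly the kind of friction the column goes on to say changes the open character of blogging.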

They're calling it a 'splogs-plosion'. It has brought the splog problem to the fore now, and it's putting serious pressure on Google and other top blog hosts to find ways to secure their services.

The real problem is that blogs are, fundamentally, very open interaction systems, and securing them could potentially halt the blogging revolution, or at least change its characteristics. Blogger is, therefore, a victim of its own success at being everything that personifies the blogging craze: it's very simple to use, has an open API and is free.

As a direct result of what happened on Blogger (Blogspot), leading blog services that link to it are considering limiting their connections to that service or canceling it altogether.

Services like PubSub, Technorati and Feedster include entries from Blogger-BlogSpot feeds in the normal results delivered to users, but PubSub is planning to ask users to explicitly opt in if they want to see results from Blogger-BlogSpot feeds.

It all seems like the end of the age of innocence for the blogging community. The bad guys are ruining it for them, and they have to change their once open and tolerant e-society. Sounds painfully familiar, doesn't it?

zeid@maktoob.com