
How Flame virus has changed everything for online security firms


Here’s a question: if you connect an unprotected Windows computer to the internet, how long will it take before it is infected by malicious software? The answer is: much more quickly than most lay users think. In 2003, the average time was 40 minutes. A year later it was 20 minutes. By 2008 an unpatched computer running Microsoft Windows XP could only expect five to 16 minutes of freedom. The Internet Storm Centre (ISC) provides a useful chart of what it calls “survival time” for Windows machines. It suggests that a PC currently can expect between 40 and 200 minutes of freedom before an automated probe reaches it to determine whether it can be penetrated. The numbers for other operating systems (such as Unix and Linux) are better (from 400 to 1,400 minutes), but the moral is the same: the only way to have an absolutely secure computer is not to connect it to the net.


On the back of statistics like this, a huge global industry has grown up – the PC “security” business – dominated by companies such as Norton, Symantec, Sophos and Kaspersky. They offer software tools for blocking computer viruses, worms and Trojans (programs that look innocuous but compromise the computer in some way, rendering it controllable by an external agent).

The PC security business does offer a degree of protection from the evils of malware, but suffers from one structural problem: its products are, by definition, reactive. When a particular piece of malicious software appears, it is analysed in order to determine its distinctive “signature”, which will enable it to be detected when it arrives at your machine. Then a remedy is devised and an update or “patch” issued – which is why your PC is forever inviting you to download updates – and why IT support people always look pityingly at you when you explain sheepishly that you failed to perform the aforementioned downloads.

So the security companies are always playing catch-up, profitably slamming stable doors after the horses have bolted. Until recently, the industry has tactfully refrained from emphasising this point, and most of its customers have been too clueless to notice.

This cosy arrangement was too good to last, and a few weeks ago the industry’s cover was finally blown. What happened is that computer security labs in Iran, Russia and Hungary announced the discovery of a virus called Flame, which one researcher has called “the most complex malware ever found”. For at least two years Flame has been copying documents and recording audio, keystrokes, network traffic and Skype calls, as well as taking screenshots from infected computers, and passing all the information it harvested to command-and-control servers operated by its creators. And here’s the really startling bit: in all that time, no security software raised the alarm. It bypassed the “signatures” databases of all the PC security companies.

Nobody knows who wrote Flame, but the consensus in the industry is that it was an expensive high-end creation in the same league as the Stuxnet worm that attacked the Iranian nuclear programme. The odds are, therefore, that it was a product of the security agencies of the US, UK or Israel, or some combination thereof. But because the malware incorporated a “kill switch” that can wipe out all traces of it from an infected machine, and that switch has reportedly been activated, we may never know for sure.


What we can be sure of, though, is that we’ve crossed the threshold into a different world. The old signature-based, reactive approach of the anti-virus industry is not up to this new game. We’re going to need radically different approaches if our societies – and our industries – are going to be able to protect themselves from the imitators and successors of Flame. And for that we’re going to need new metaphors and models. The current anti-virus approach is a bit like playing whack-a-mole, and it’s run its course.

In thinking about this, some companies and researchers are looking to natural systems for inspiration. The human body’s immune response system, for example, is pretty impressive in detecting and dealing with intruders, and IBM has used it as a metaphor for its “Digital Immune System for Cyberspace”. The company claims that its system can automatically detect viral activity at a very early stage as well as develop a cure and distribute it across the internet faster than the virus spreads. No doubt other researchers are working on similar ideas. If so, then perhaps we won’t have wasted the crisis triggered by Flame.

guardian.co.uk © Guardian News and Media 2012
