Hiding Behind a Wall with Holes

In the previous article we used the analogy of a seat belt to illustrate the effectiveness of anti-virus software. It is a safety feature that may help you only in the event of a crash, and it cannot prevent the crash. A seat belt in combination with an airbag, maintained brakes, properly functioning traffic lights, and so on would give you reason to feel protected while operating your vehicle. The problem is that not all drivers are familiar with the mechanics of a car, and therefore they do not know whether the equipment is adequate or operating properly.

Responsibility needs to be placed in the hands of those who understand the technology and are aware of the cyber threat landscape. In a survey conducted by MAAWG (Messaging Anti-Abuse Working Group), 65% of respondents said they thought ISPs were responsible for stopping the spread of malware. End users, including enterprises, need to demand more from their ISPs. For example, all service providers should have mechanisms in the transit of their data that detect and react to malicious traffic. That step likely won't be taken unless their consumers demand it from them.

Service providers need to take control of this malware pandemic and stop the problem at its source. They need the capability to both identify and respond to malicious traffic aimed at their end users' systems. It's the difference between police officers catching the drug dealer on the corner and the DEA cutting off the supplier. ISPs have the ability to mitigate the threat at its source so that the effect on the end user is minimal. One possible way they can do this is by disrupting the communication channel between the infected end users and the command-and-control (C&C) servers so that both are rendered harmless.

A portion of the responsibility also falls on software developers, who need to expand their expertise to incorporate security awareness. Malware writers often design their attacks around vulnerabilities they've observed in existing software. Developers should be well educated on the variety of new threats so that they can design software that is resistant to the latest tactics.

The current reality, however, is that end users are not being protected by ISPs and software developers, and are left to defend themselves in this scary cyber world. While the best security defense is one that relies on a specialist to configure it rather than on the end user to decipher it, that does not mean end users should do nothing. Various security measures, such as a hardware firewall, a suite of desktop software (including anti-virus, URL reputation, and more), and a reputation-based Domain Name System (DNS) resolver, all contribute to a more secure defense. End users should also turn on automatic updates for the OS and layered applications; although these are not fail-safe, they serve the majority of users' needs.

There are many grey areas in the security industry, such as who is responsible for protection, and until those issues are agreed upon, end users will have to continue to fend for themselves using more than just anti-virus. On a grander scale, ISPs and software designers need to step up and protect us all from modern malware.

- Marc
