|
|
|
ONLINE FEATURES
Book Reviews
BW Video
Columnists
Interactive Gallery
Newsletters
Past Covers
Philanthropy
Podcasts
Special Reports
BLOGS
Auto Beat
Bangalore Tigers
Blogspotting
Brand New Day
Byte of the Apple
Economics Unbound
Eye on Asia
Fine On Media
Green Biz
Hot Property
Investing Insights
Management IQ
NEXT: Innovation
NussbaumOnDesign
Tech Beat
Working Parents
TECHNOLOGY
J.D. Power Ratings
Product Reviews
Tech Stats
Wildstrom: Tech Maven
AUTOS
Home Page
Auto Reviews
Classic Cars
Car Care & Safety
Hybrids
INNOVATION
& DESIGN Home Page Architecture Brand Equity Auto Design Game Room SMALLBIZ Smart Answers Success Stories Today's Tip INVESTING Investing: Europe Annual Reports BW 50 S&P Picks & Pans Stock Screeners Free S&P Stock Report SCOREBOARDS Hot Growth 100 Mutual Funds Info Tech 100 S&P 500 B-SCHOOLS Undergrad Programs MBA Blogs MBA Profiles MBA Rankings Who's Hiring Grads | |
JULY 25, 2005
By Spencer E. Ante They're Playing Our Virus These days, digital attacks on PCs are coming disguised as media files or targeting corporate backup systems Despite increasing public and corporate awareness about cybersecurity, the number of computer vulnerabilities in the second quarter of 2005 increased 10.8% compared with the first quarter, according to a new survey from the SANS Institute, which develops data and research on information security. In all, SANS discovered 422 new vulnerabilities, up from 381 in the first quarter. The good news? Patches exist for all of the new security holes and can be found from the Web sites of the software makers named in the survey. "SINS OF THE PAST." A quarter-over-quarter increase in itself isn't that surprising. Hackers are constantly developing new strategies and tactics to breach computer security systems. The new trojan horses are digital-media players such as the popular Apple iTunes program or the RealPlayer application from RealNetworks. Cybersecurity experts also report a marked increase in attacks on computer backup systems that often hold sensitive data such as e-mails and financial information. So why are vulnerabilities on the rise if corporations and individuals spend more time and money plugging computer security holes? Security flaws continue to persist primarily because commercial software vendors rush products to market that are not fully protected, say experts. "We are deploying flaws much faster than we are deploying fixes," says Ed Skoudis, a cyber-security expert and author of Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. "There is a rush to get out new functionality quickly." Since Microsoft released its Windows XP Service Pack 2 last August, many computer users have shored up security of the Windows operating system. However, Microsoft's Internet Explorer remains vulnerable, say experts. One major reason: Software applications such as Internet Explorer contain code that is 5 to 10 years old, when security was less of a priority for software makers. "We are paying for the sins of the past," says Gerhard Eschelbeck, chief technology officer of Qualys, a computer security firm based in Redwood Shores, Calif. TROJAN TUNES. Due to the increasing popularity of digital media, hackers have increasingly targeted those applications. One typical tactic is to embed a virus or other type of malicious code into an audio file. The result: People unwittingly download music or video from a Web site or a file-sharing application, and their computer is infected. "The bad guy creates evil media and waits for users to take the bait," says Skoudis. "It is completely invisible to the victim. It's a pretty interesting and dramatic shift we've seen in the last year." The other emerging new hole is with corporate backup systems. In an electronic version of a sleeper cell, hackers can use viruses on PCs to launch an attack on an internal corporate backup system. Or they often slip through vulnerabilities in wireless networks to wreak havoc. "I've been involved in cases where hundreds of thousands of credit cards have been stolen via wireless," says Skoudis. KEEP PATCHING. So what's the best way to protect yourself or your company? It may seem obvious, but security experts say the best way to guard against the latest attacks is to constantly use firewalls, anti-spyware, and antivirus software, plus continually download the security patches from software makers. "You have to make sure your automatic updating processes are enabled," says Eschelbeck. Also, never open suspicious e-mails or attachments, or provide personal information to people whom you don't know. When it comes to security, vigilance is the key.  Ante is Computer editors for BusinessWeek
BW MALL
SPONSORED LINKS
Buy a link now!Get BusinessWeek directly on your desktop with our RSS feeds.  Add BusinessWeek news to your Web site with our headline feed. Click to buy an e-print or reprint of a BusinessWeek or BusinessWeek Online story or video. To subscribe online to BusinessWeek magazine, please click here. Learn more, go to the BusinessWeekOnline home page  | | |
 Copyright 2005, by The McGraw-Hill Companies Inc. All rights reserved.Terms of Use | Privacy Notice |
Printer-Friendly Version
