HOME Builder
JAMES HEIN
So how concerned do you need to be about security, really?
Consider a recent report from Secunia. They tested a selection of 12 Internet security suites to see how well they blocked threats. The highest scorer was Symantec, which blocked only 64 out of the 300 exploits tested.
There was instant feedback from the security vendors, crying foul over the testing methods. They claimed that Secunia only looked at one series of defensive tests and not their whole suites. Admittedly, Secunia did indeed focus only on the on-demand screening processes. Av-test.org backed this view, as did others such as Sunbelt (I use their software), who claim that it was all just a publicity stunt.
Now, I am not sure how you do things, but I typically browse and occasionally grab something to take a look at. I'm hoping that the active defences are looking at the sites I visit and are checking the files I grab to make sure they are clean. If the best can only guarantee about 20 per cent protection, that would certainly gain my interest.
At the same time, such a suite only protects in some areas. It does not fill the security holes left open if you do not apply critical security updates and patches to your operating system, be it OS X, Windows or something else. There is a group of users who still believe that once they buy and implement a security suite, they are protected.
Yes, many of the suites have other intelligent ways of detecting problems, but if those are not in the front lines then it is still possible to get infected before the threat reaches the secondary bank of tests. The problems may be picked up in the nightly run, but that might also be after the damage has been done.
In a recent Symantec discussion the issue of polymorphism was raised. The last year and a half has been a very active time for malware. On the plus side, a recent takedown of one of the largest spam distributors has dropped spam by a noticeable amount. On the negative side, malware writers are getting smarter and so are their siblings.
The threats themselves are getting much more complex. While one new virus may be released into the wild, the result can be literally millions of new viruses, as server-side polymorphism allows a virus to change each and every time it is downloaded.
So you trigger a Trojan by visiting a site, and this grabs some code from a server somewhere. The version you grab will be subtly different from the version that the next person grabs. This means that antivirus providers such as Symantec need to blacklist up to 20,000 sites a day.
So why, as a web site maker, should you be concerned about this? After all, this sounds like a user issue. Good question, and first you need to understand how it works. The bad guys, the malware writers, start by scanning for a vulnerable web server. They look for an ordinary web site that uses scripting of some kind.
The next step is to, say, try an SQL injection attack that allows them to place malware on that server and site. When a user browses the site they are exposed to the exploit and may download something from the site to their machine. This then allows the malware writers to start dumping all manner of things onto the now infected PC. This may include botnets, keyloggers and other malware.
Now replace the words "web server" and "web site" in the above with "your web server" and "your web site" and you can understand why this issue is important to you and your web sites.
Since the typical method for dealing with such threats is blacklisting, your compromised site gets put on the list and people no longer go to your site. If this is a business site then you are in real trouble. Solution? Make sure that your web server and your web site are protected.
Email: jclhein@gmail.com.