Our Editor in Chief Marilyn Cohodas posed some questions on the state of malware prevention in the industry to our readers in her weekly editorial. Below is one of the responses. Read the original editorial.
I loved your article, it was passed on to me by one of my peers at work. I've been waiting for months now for someone to put Microsoft's new initiative into writing.
In response to your questions in your article, "The Next Worst Thing in Malware":
So tell me: Are spyware and spam your most-critical security problems? What do you need to combat them?
Absolutely, spyware has exponentially gotten out of hand in recent days and has dramatically caused issues in regards to users of personal computers world wide. As a woman in your position you may already know the problem of spyware and spam arises from the fact that people can actually make money writing malicious code that will penetrate our security defenses on our computers, thus utilizing valuable resources to send out confidential information like e-mail addresses for advertising. This is different than what we previously experienced with viruses alone, and only helps to create a new momentum that was never seen before in the cracker virus/spyware industry of the 90s.
While all of this is working for the selfish people that write the code for spyware, none of it is working for the companies, organizations, and people who just want to get their day-to-day business done. It's a crime, and I personally/professionally feel that people that write this code, as well as the companies that endorse it should be held legally accountable for the damage they have done in the various industries. We need to establish better ethics in our IT field, and law is an effective tool to enforce ethics traditionally.
If so, what is the next worse thing you are seeing in the trenches of the malware battle?
The worse thing I've seen in the malware battle was a piece of spyware that actually downloaded itself via a self executing script on a Web page according to the user that was infected. The spyware I'm referencing opened a security hole that created a personal FTP server on our client's computer. This FTP server afforded people to send and receive files whenever our poor client was connected to the Internet without our client ever knowing. The other types of more common malware are spyware that when installed keeps installing other spyware until the computer can't boot-up anymore. My co-worker has actually touched a machine that had 2300 separate pieces of spyware on it (which is more than the 1300 I've seen), thus rendering one of our client machines useless for operation.
In terms of viruses the Sasser was the worst thus far; because of its impact on the industry, and the fact that it effectively kicked the users off as soon as they connected to the Internet. Thus, Sasser wouldn't allow the user to update their own computers fast enough to get rid of the virus. The love bug was another virus that was bad, because we had to sit by and watch our computer based resources get infected while Symantec, and MacAfee scrambled for a solution.
What do you need to combat them?
Besides educating our users on malware and how to avoid it; we need exactly what Microsoft is creating, an antispyware enterprise solution that is robust enough to deliver updates to client computers via the network. This will effectively allow the clients to have their machines updated behind the scenes so that they get the best protection, while allowing them to focus on their work instead of the annoyances of malware. In my opinion as a seasoned technology professional, the days of standalone antivirus products that just focus mainly on antivirus and/or focus minimally on spyware has been out for the last three years - at least. The fact is Microsoft observed these sleeping giants as well as the demand for a better product, and as Microsoft has done in the past they decided to capitalize off this opportunity to grow its market share. Any IT professional with half a sense has seen the development of an enterprise tool by Microsoft was eminent as we effectively watched the purchase of Sybari Software Inc., along with the roll out of WSUS (a free Windows update enterprise solution) in response to Microsoft's security based focus.
Utilizing the Microsoft AntiSpyware Tool, we were able to clean more spyware from the computers than with any other spyware tool thus far. We haven't found one tool yet that has cleaned every single spyware infection off, as of today. I do know for a fact that since spyware is driven by monetary gains, and I may only infer that it's simply impossible for one company to keep up with every single instance of spyware because of this. What we normally utilize are multiple tools like Ad-aware and spybot however, Microsoft seems to find more instances of spyware infections. And no I'm not one of those annoying people that thinks that Microsoft has some conspiracy to create all these spyware executables. Don't be ridiculous! Microsoft saw its software competitors sitting on their hands in response to the spyware issue, and Microsoft is working towards creating a better solution, because others still aren't doing an effective job. Let's look at it through Microsoft's eyes: Look mom, I'm on top of the world (Windows)… and I have all these people shooting holes in me (viruses and spyware), however my friends (antivirus, antispyware products) aren't doing a darn thing to help me. Well time to get out the big guns and fight back, nothing to do but go this one alone! One can say it's a setup from other software companies to make Microsoft look bad.
Watch out Symantecs and McAfees of the world, your stock will decrease if there's not a better response to the invasion of spyware before Microsoft releases it's final solution! The fact of the matter is we do have a research and development effort here at my place of employment, because of the constant malware issues we've experienced. Although Symantec's latest automatic version states that it addresses spyware the product doesn't quite equate to an effective antispyware tool in my eyes, because Microsoft Anti-Spyware catches more. Yeah, it's kind of like comparing apples and oranges, but don't try to sway customers by stating you address spyware when you can't do it effectively enough to even remotely come close to the antispyware competitors. While Symantec and McAfee have made their place in our IT world as the virus tool of the 90s, they have become complacent in this technology and will have to exert a lot more effort than they are doing today.
Do I think this Microsoft merger is an Anti-trust violation?
Simply put, Hell no! This new move by Microsoft is exactly what the IT industry needs, and wants. We live and die in this industry by our own actions, and the fact that the bigger virus companies haven't done piddly to address these issues should reflect in their stock prices. We are sick of spending hours and days cleaning off computers that should've been kept clean by the right automated tool. Have an effective solution? Will buy!
This was first published in October 2005