Raising Our Immunity to Cyberattacks
The similarities between the field of security and the field of medicine provide an
interesting metaphor. The correlations are not identical, but thinking in medical
terms is useful for software and computer security specialists.
Firewalls are a bit like rubber gloves or surgical masks: They stop the passage
of harmful vectors such as viruses or worms. However, as with real gloves and real
masks, the firewalls might leak. Currently, they seem about 90% to 95% effective
against known threats, but they are of lower effectiveness against zero-day threats.
Static analysis tools are a bit like vaccines, and they also raise immunity levels.
Static analysis tools can identify weaknesses in source code and eliminate them
before applications are released.
Antivirus programs are a bit like antibiotics and vaccines. They can stop many
harmful vectors and can kill most of the vectors that manage to penetrate to a
computer or software package.
However, tests of antivirus packages published on the web and in computer
journals indicate an effectiveness of between 83% and about 99% for stopping
known vectors before they gain access and perhaps 85% for removing known
vectors that have established themselves in a computer. Here, too, effectiveness is
reduced for zero-day vectors that are so new that antivirus vendors have not
examined them and hence depend on heuristics or hypothetical models of unknown
threats.
Organizations that help in recovering from cyberattacks are a bit like nursing
homes or rehabilitation homes. They help injured companies and individuals to
recover stolen identities and to restore damaged credit ratings.
In today's world, all major banks and many large consumer chains have
full-time security offices for dealing with stolen credit cards and identity theft. So do
larger police stations, state police, the FBI, Homeland Security, the Secret Service,
and other government groups. These can be helpful, but by the time their help is
needed, something has already been stolen or damaged.
The bottom line is that while defensive methods such as firewalls and antivirus
programs are pretty good, they are not perfect.
What are the prospects of raising the immunity levels of computers and
software packages so that they cannot easily be attacked by viruses or worms?
Although a lot of attention is being paid to security by thousands of organizations,
coordination and cooperation could probably be better than it is.