Labelled as one of the most damaging worms ever, the Mydoom malicious code was at press time proving to be a boon for hackers and spammers but of little consequence to those Canadian companies that took security up a notch after last year’s spate of worms. However, this was written before it had run its full course, which was said to be set for Feb. 12.
The Bank of Montreal, a company which was already replete with security technology, has “incorporated the lessons learned last year,” said Robert Garigue, the financial institution’s Toronto-based chief information security officer. “There has been a transformation.”
Last year’s Slammer and Blaster worms, referred to as a “shot over the bow” by Symantec Canada’s general manager Michael Murphy, were a painful lesson that convinced many companies to pay more attention to security.
Garigue said BMO is doing a better job of patch management, monitoring the currency of its applications, operating systems and antivirus management. The resultant system “is a series of rings to ensure as much defence as possible,” Garigue said. Mydoom was “filtered off at the gateway,” he said, though BMO security experts did see “indications of it arriving.” Since BMO quarantines all e-mail attachments (it sends recipients a notice that they can retrieve the attachment if needed), Mydoom was ineffectual. But even if an infected laptop had made it through, internal systems would have picked up on the abnormal behaviour of Mydoom trying to e-mail itself out. “We have agents that look for that kind of activity,” Garigue said.
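The last of the defensive rings Garigue describes, agents that notice a machine suddenly trying to e-mail itself out, can be sketched as a simple behavioural rule over mail-gateway logs. The script below is an added illustration, not BMO’s tooling or anything from the article: it flags an internal host that sends outbound messages carrying risky attachments to an unusually large number of distinct recipients inside a short window. The log line format, the attachment-extension list, the thresholds and the sample lines are all constructed for the example.

```python
"""Behavioural mass-mailer detection over mail-gateway log lines.

Added example (not from the article or from BMO). Assumed log format, one
event per line:  <ISO timestamp> <sender host> <in|out> <recipient> <attachment or ->
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed list of attachment types a gateway would treat as risky.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".cmd", ".bat", ".zip"}

# Constructed sample log: one ordinary workstation (ws-112), one inbound line
# that must be ignored, and a worm-like burst from ws-207 that sends the same
# .scr attachment to 12 distinct recipients within one minute.
_NORMAL = [
    "2004-01-27T09:00:01 ws-112 out alice@example.org -",
    "2004-01-27T09:00:05 ws-112 out bob@example.org report.pdf",
    "2004-01-27T09:02:10 ws-112 out carol@example.org setup.exe",
    "2004-01-27T09:02:30 ws-207 in dave@example.org body.scr",
]
_BURST = [f"2004-01-27T09:03:{i:02d} ws-207 out user{i}@example.net body.scr"
          for i in range(12)]
SAMPLE_LOG = "\n".join(_NORMAL + _BURST)


def parse_line(line):
    """Split one assumed-format log line into a dict."""
    ts, host, direction, rcpt, attachment = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "host": host,
        "direction": direction,
        "rcpt": rcpt,
        "attachment": None if attachment == "-" else attachment,
    }


def is_risky(attachment):
    """True when the attachment name ends in one of the assumed risky extensions."""
    if attachment is None:
        return False
    return any(attachment.lower().endswith(ext) for ext in RISKY_EXTENSIONS)


def find_mass_mailers(log_text, window=timedelta(minutes=5), min_recipients=10):
    """Return {host: max distinct recipients seen in any window} for hosts that
    sent risky outbound attachments to at least min_recipients distinct
    addresses within `window`. Inbound mail and clean attachments are ignored."""
    events = defaultdict(list)
    for line in log_text.strip().splitlines():
        e = parse_line(line)
        if e["direction"] == "out" and is_risky(e["attachment"]):
            events[e["host"]].append((e["ts"], e["rcpt"]))

    alerts = {}
    for host, evs in events.items():
        evs.sort()
        start = 0
        # Sliding window over the host's risky sends, ordered by time.
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {rcpt for _, rcpt in evs[start:end + 1]}
            if len(distinct) >= min_recipients:
                alerts[host] = max(alerts.get(host, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    for host, count in find_mass_mailers(SAMPLE_LOG).items():
        print(f"ALERT {host}: {count} distinct recipients of risky attachments")
```

In practice the thresholds would be tuned to the site’s normal traffic and the rule would sit beside, not instead of, the gateway filtering and attachment quarantine the article describes; a single host spraying the same executable at dozens of addresses is the behaviour, not any particular signature, that this rule keys on.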
Unlike last year, Garigue said, this time around he and his counterparts at other Canadian financial institutions seem to have been unaffected. A spokesperson for the Royal Bank concurred, saying it was not affected by Mydoom.
At the end of January, Mydoom and its B variant were believed to have infected some 500,000 machines worldwide and were still spreading.
The year 2003 marked a turning point in PC security – and not in a good direction. Users were overwhelmed by waves of e-mail worms, from Blaster to SoBig, that stole personal information, spewed spam, and conducted DDoS (distributed denial of service) attacks.
Security experts expect all of these threats to increase, not diminish. For the next two years, we’ll use the same weapons to fight back: antivirus software, spam filters, personal firewalls, and Windows patches. The difference is that many of these utilities may become part of the OS and operate automatically.
For example, Microsoft has announced a scheme that would turn XP’s Internet Connection Firewall on by default; the plan might also install Windows and Office patches automatically. The company has test-marketed versions of Windows containing a stronger firewall, plus antivirus and backup utilities. Given Microsoft’s history of packaging watered-down utilities in its OS, experts are skeptical of this approach.
Fewer buffer overflows or software “holes” will allow malicious code to take control of a machine, predicts Chris Wysopal, vice-president of R&D for security consulting firm @stake Inc. That improvement is due in part to new tools that find overflows before they’re exploited, and partly to a shift toward “managed code,” which examines each set of instructions and grants permission before the code can execute.
Removing human error from the equation is a key part of Microsoft’s Next Generation Secure Computing Base, an ambitious proposal that aims to solve myriad security problems. Formerly known as Palladium, NGSCB (pronounced “eng-scub”) will be woven into Microsoft’s Longhorn OS when it’s released in 2006.
Good encryption technologies already exist, but using them can be daunting. PGP Corp.’s new Universal software turns a server into a security box that encrypts, decrypts, and digitally signs a company’s e-mail, without requiring employees to lift a finger. People outside the company can download client software that manages encrypted communication with the server. Recently Leadtek Research Inc. started shipping motherboards with ENova Systems Inc.’s X-Wall LX-64 security chip installed. It automatically encrypts all data going into the hard drive and decrypts the data coming out, but only if users first insert a dongle containing the encryption key into the system’s FireWire port.