An interesting thing happened this year: It appears that 2005 wasn’t worse security-wise than the previous years. Sure, malware and hackers were as crazy as ever, but when I asked many of my computer security friends if 2005 was better or worse than previous years, every one of them said it was better. Granted, our survey is far from a scientific poll, but the collective responses were surprising nonetheless.
So, in a year when Windows rootkits went mainstream and malware went criminal, what’s to brag about?
Probably the most significant event was the lack of a global crisis -- you know, a Slammer- or Blaster-style worm that infects the world in eight minutes. There was no malware with a replication magnitude on the order of Code Red, Slammer, Nimda, or the Iloveyou virus. With the notable exception of PHP worms, even the Linux side had fewer popular viruses and worms this year.
This was also the year when patching got easier. Not only did more and more sophisticated patch management tools arrive from every sector, but there were fewer patches to deploy. 2005 is Microsoft’s best year since the days of Windows 3.1, with fewer Windows patches compared with the past four years. And when Microsoft patches did come out, they came out on a single day each month, so IT teams everywhere could breathe a little easier the other 29 days of the month. More Linux distros got automated patching tools, and it seemed nearly every miscellaneous program had an auto-updating mechanism.
Administrators got better at blocking hackers and malware -- not yet perfect, but overall there was improvement. And it seems that end-users have finally got it: I actually know end-users who don’t click on every file attachment they receive.
Security tools got better, too. IPSes are finally going inline in real time and beating the first-generation problem of false positives. Network access control and quarantining methods are becoming more commonplace, and even anti-virus software seems to be getting more accurate.
What went bad in 2005? The stuff that is getting by our defenses is more dangerous: Malware went criminal. Most of today's malware exists to steal confidential information, send spam, or steal identities. Now, malware is getting harder to remove, hiding better, and contains more tricks and exploits than ever. I used to be in the camp that if you found malware, just remove it, accept the risk, and get back on with real life. Now, I recommend formatting the machine and restoring clean data from a clean backup. Oh, yeah, and change all your passwords and watch your monthly statements.
Spam and spyware seem worse than ever, despite the FTC's December announcement that the CAN-SPAM Act is actually decreasing spam. That’s like saying budget deficits are decreasing this year when you’re responsible for sending them sky-high in the first place. Read next week’s column for more of my thoughts on how CAN-SPAM is really doing.