On the threat landscape, anti-virus peddlers have been making much of the shift from worms and virus outbreaks to lower profile attacks. But all that talk masks a sad truth: Worms and viruses never really went away; Nyxem and Warezov were two major worm outbreaks in 2006, amid a sea of smaller ones. In 2007, however, self-replicating code will be harder to ignore. Even if enterprises are well prepared, social networking Web sites MySpace and Facebook serve as great mediums to spread malicious code, and application-based attacks like those that infected unpatched Symantec anti-virus installations and the Skype VoIP application can easily go unnoticed. After all, the underlying economics that gave birth to the mass mailing worm and the Internet worm haven’t changed one iota: Compromised systems are valuable launching pads for botmasters and spammers, and worms continue to be a fast and effective way to build networks of compromised systems.
Finally, the past year has brought plenty of news on promising NAC (network access control) technology, but surprisingly little clarity. The picture got a bit clearer in June, when Cisco and Microsoft announced progress on integration between Cisco Network Admission Control and Microsoft’s Network Access Protection architecture, a key component of its coming Longhorn server. But Cisco’s insistence on major LAN or WAN infrastructure updates to realize the NAC features built into its routers and switches will be hard to swallow for many enterprises. Microsoft has been playing both sides of the field, as well, working with Cisco on NAC-NAP integration, while also saying it will support the open Trusted Network Connect architecture in Longhorn. The problem cries out for cooperation, but the indecision around NAC is likely to continue in 2007.