In Depth
Technology
Internet security moving toward "white list"
A sea change in how computers are guarded is on the way, with anti-virus vendors looking to reverse their protection philosophy
September 17, 2007
By Peter Nowak, CBC News
Internet security is headed toward a major reversal in philosophy, where a "white list" which allows only benevolent programs to run on a computer will replace the current "black list" system, which logs and blocks an ever-growing list of malevolent applications, internet security giant Symantec Corp. says.
The number of malicious software attacks, including viruses, Trojans, worms and spam, is rising exponentially, dwarfing the number of new benevolent programs being developed, making it increasingly difficult for security firms to keep up.
The solution, according to Symantec's Canadian vice-president and general manager, Michael Murphy, is to reverse how protection against such attacks is provided. Under the current system, a security firm discovers a new threat, adds it to its black-list database and updates its customers' anti-virus software to combat the problem. A "white list" would instead compile every known legitimate software program, including applications such as Microsoft Word and Adobe Acrobat, and add new ones as they are developed. Every program not on the list would simply not be allowed to function on a computer.
"This is the future of security technology," Murphy said at a presentation of the company's twice-yearly security report on Friday. The trick is to develop a "global seal of approval."
A white list would likely require co-operation and funding from a majority of players in the technology industry. Industry observers think it is a good idea, but it raises several issues. The oversight body would have to be neutral, mindful of open-source software — which is quickly and often modified — and speedy in its approval process.
"The bad guys are moving quickly and the good guys are moving quickly and the innovators are moving quickly. If the judges are taking months to judge things, then that's not fair to anybody," says Bill Munson, vice-president of the Information Technology Association of Canada. "That's not in the industry's or society's interest."
In its security report, Symantec said the incidence of malicious code was up drastically in the first six months of 2007. Symantec found more than 212,000 new malicious code threats, up 185 per cent from the last six months of 2006. Trojans, or programs that appear to perform one function in order to hide a malicious one, made up 54 per cent of the volume of the top 50 malicious code reports, up 45 per cent over the prior six months.
Trojans are particularly on the rise in North America, Murphy said, because Canadian and U.S. internet markets are more highly developed and thus protected from less-sophisticated and easy-to-identify attacks, such as spam and basic viruses.
Hackers beginning to steal from victims
The other big trend, Murphy said, is that hackers are no longer perpetrating attacks just for fun. Rather, these people are increasingly looking to extract money from their victims.
"This is a sea change," he said. ""It's not just a pimply-faced boy in his parents' basement. That certainly may be part of the situation, but now it's for profit."
Would-be hackers can buy software toolkits that allow them to create their own phishing attacks, where the criminal tricks a person into disclosing sensitive information such as a bank account number, for about $1,250. The black market for stolen information gleaned through such an attack can be lucrative, with an e-mail password selling for up to $350 US while a bank account number can fetch up to $400 US, Murphy said.
In the first six months of 2007, Symantec found 8,011 distinct credit cards being advertised for sale on the black market, but that number represented only a small portion of the total being sold. The advertised card numbers are used only to attract buyers, who then purchase numbers in bulk, which are not advertised.
Symantec said about 85 per cent of the stolen card numbers in circulation are American in origin, but did not disclose how many came from Canada.
Overall, Canada has fared well in combating malicious attacks, particularly spam. In the past, Canada has ranked as high as fifth in the world in terms of the volume of spam that is received, but internet service providers here have done an excellent job of attacking it, Murphy said, with the country dropping to 12th in the latest study. However, the bad news is that spam still accounts for 61 per cent of the world's e-mail, up from 59 per cent in the previous period.
