Cheswick: Viruses primed to be more complex, vicious

Computerworld Australia - SYDNEY -- Viruses and worms are primed to become more complex, vicious and dangerous as the days of quick and easy exploits come to an end thanks to Microsoft Corp.'s efforts to finally lift its game.
Speaking at the Auscert conference in Queensland on Monday, former Bell Laboratories researcher, IT security author and founder of IT security company Lumeta Corp. Bill Cheswick said improved security will force malicious code writers to construct more complex wares that will either circumvent or push conventional defenses such as antivirus software and firewalls to their limits.
Cheswick said recent examples of malicious code that hadn't necessarily escaped into the wild were generally becoming more time-consuming and difficult to safely replicate or fix..
"Virus emulators are slowing down. This game is not going to end nicely. ... What happens if there is a virus you cannot defeat [before it cripples the Internet]? The spooks [defense and information warfare specialists] worry about viruses with their own compilers," Cheswick said.
Despite the new threat, Cheswick said Microsoft was doing its best to remedy the way it builds security into its code after some 20 years of less-than-perfect versions.
If there was doubt about Microsoft's capacity to deliver secure computing, it wasn't reflected by way of lack of interest in the head of the company's Security Response Center, Iain Mulholland.
Mulholland backed Cheswick's assessment of more complex exploits starting to appear, saying that he was seeing "a commodity market being built that buys and sells exploits and vulnerabilities," which he likened to "the next big thing after the dot-com boom".
"The low-hanging fruit is gone. Some of the exploits we are seeing are very complex," Mulholland said.
Mulholland said that while holes were being discovered far more frequently than monthly patch releases, Microsoft was concentrating on getting the best possible quality out of its security updates so that more problems weren't caused by the patches, Mulholland said.
Not everyone was convinced. One delegate, a government IT security manager who requested anonymity, criticized Microsoft's current patching regime. He said software updates could potentially be hijacked by diverting the IP address -- resulting in possible infection by Trojan horses.
Mulholland countered the allegation by saying that code downloaded from Microsoft was "intentionally very brittle" and that authentication by way of "baked in certificates" was there to protect users.

Reprinted with permission from

Computerworld AustraliaFor more news from Computerworld Australia, visit its Web site. Story copyright 2006 Computerworld New Australia. All rights reserved.