Security software alone not enough to beat Internet threats, says CA

Chicago (IL) - The growth of botnets has prompted several voices to claim that the war against this threat has already been lost. However, security software developer CA says the war "is far from over." It can be won, we were told, but Internet users will have to learn websmarts and be wary of the false sense of security created by antivirus software - and Windows Vista.

There are very few days without news about new security holes in software and new security threats looking for new victims. It's something many of us have gotten used to and a circumstance we have learned to live with. We have learned to be careful about emails from senders we don't know, and at least virus protection has become a standard part of the equipment of many PCs.

Security has become a dominating feature of new software. Security software itself is getting more sophisticated and is battling more threats than ever, not just viruses, and even Microsoft touts the new Windows Vista as the "most secure Windows ever", thanks to its new Firewall and integrated "Windows Defender". But Brian Grayek, vice president of threat content development at CA, believes that such claims can lure users into a false sense of security and actually create new dangers.

In a conversation with TG Daily, he mentioned that "security isn't a destination issue, it's a journey," hinting that there is no single solution that provides complete protection from Internet threats. Even if security software has become more sophisticated and there are programs that are largely automated, the battle against Internet threats remains a cat-and-mouse chase, good against evil. Just as everyday life requires a certain sense of streetsmarts, Internet users need certain websmarts to protect themselves from malicious attacks, he said. Instead of being a "passive" user who installs security software and then forgets about it, more users need to become proactive, make sure that their system has all updates and learn about existing threats. According to Grayek, user education is key to turning passive users into proactive users.

In terms of the security provided by Windows Vista, he mentioned that it would be dangerous to rely on the increased security of the software alone. "That would be like saying 'I've just built the most secure in the world, so I do not need a security system'," he said. He stated that CA believes that major security flaws in Vista will be found "within a year." The fact that additional security software and education of users are required to protect computers would not change with Vista, he said.

In a recent blog post, Grayek criticized claims that the war against botnets has been lost. Despite quickly spreading attacks, he considers this war "far from over" and believes that it still can be won.

Botnets are typically groups of loosely linked PCs that are remotely controlled to attack other PCs, send spam or distribute viruses and worms. CA says that it is currently aware of "at least three groups with more than three million bots" - hijacked PCs of unsuspecting users. The botnet war is getting more elaborate as "botnet herders" - people who control groups of bots - begin protecting their bots from other herders and the financial incentive to use botnets gets more attractive. Grayek quoted a study that claimed that one bot could be worth 6.1 cents when sending spam.

Most of these bots, Grayek said, "belong to average people all over the world. Your mom, brother, sister, cousin, or friend may just as likely be a victim as anyone else and they, like so many others, are probably thinking that they are safe, sound, and could never be a victim of this whole botnet phenomenon." The real problem with botnets for the Internet community is that these PCs can't simply be shut down: "If we blocked every suspected bot, we'd be blocking out millions of legitimate users who have insecure, compromised PCs and need help to secure their computers."

Grayek thinks that it is a better solution to look at legal and technological ways to shut down the bot herders and "get the word out there to let people know how to find out if their own personal computer has been victimized and help return it to their rightful control." He believes that education of users is essential and a key strategy to make botnets unprofitable, which could mean that "the spammers will move on."

Moving on, however, will bring other threats, Grayek conceded. As a result, he believes that it is unlikely that all Internet users can be completely secure from security threats: "It's always a race between good and evil," he said and added: "There are always people who think they know better. No matter what we do, there's always a sheep out there for the wolves to attack."