Symantec CEO urges shift in security tactics
Published: 20 Nov 2003 09:50 GMT
Better computer security can be achieved, but it is going to be a mammoth task, according to John Thompson, chief executive of Symantec.
The increasing number and sophistication of computer attacks requires that companies, businesspersons and consumers rethink their strategies for dealing with worms and other exploits, Thompson said during a keynote speech at Comdex in Las Vegas on Wednesday. The focus on security needs to shift from cleaning up after a problem to anticipating potential problems, he said, with automated patch management and better coordination of software and hardware.
"Security needs to move beyond its niche focus," he said. "We need more integrated security technologies."
Otherwise, it will be impossible to keep up, Thompson claimed.
"More than 100 new viruses are identified every week -- and 60 new software (problems) every week," he said. "We saw a 19 percent increase in attack activity in the first half" of 2003.
Nastier types of bugs are also being developed all the time, he noted. In the relatively near future, the world will likely see the debut of damaging threats the industry is calling "Warhol" attacks, as they are likely to achieve fame by spreading across the Internet in 15 minutes. "Flash" threats might be able to blanket the Internet in 30 seconds.
"Day Zero" threats, which exploit previously unknown vulnerabilities, will hit without warning, the Symantec chief added.
To further complicate things, the rise in attacks will occur in tandem with a growing need to simplify technology, he said. In Boston, for example, the Internet Home Alliance, a trade group dedicated to promoting the connected home, is running a pilot scheme that has 20 families living in fully Internet-enabled homes and reporting about their experiences. Such Web-connected appliances will have to be properly protected against hacker attacks.
"There may come a point where users look at technology as more of a liability," Thompson said, adding that the modern version of hell just might involve being "condemned to set up a home Wi-Fi network linking a number of PCs with a badly written manual and technology support, putting you on hold for eternity".
That security problems remain rife doesn't mean the topic isn't being taken seriously by the industry and its customers. The US government is providing $30m (£19.2m) to the US Office of Personal Management's Cyber Corps Scholarship For Service program, to encourage college students to go into the security technology field. In the program, students are given scholarships, but then have to work for the government for a limited time after graduation.
Corporations are also taking action to stem attacks, such as creating more homogeneous computing environments or taking part in initiatives such as the Network Admissions Control programme to ban insecure mobile devices from corporate networks, announced Tuesday by Cisco Systems.
Thompson stated that a shift to Linux from Microsoft wouldn't be a sure way to avoid the kind of recent suffering caused by viruses that exploited holes in Microsoft code.
"If and when the Linux target set gets as rich as Microsoft's, I believe you will find more vulnerabilities than you do today."
Spam -- for a fee
In his keynote, Thompson largely showed the confidence of someone who has delivered a lot of speeches, but he did show some fire when the follow-on discussion came to spam, or unsolicited junk email. He hates the stuff -- more specifically, he hates that network providers don't stop it.
The problem, he maintained, could be solved if carriers charged spammers for sending hundreds of thousands of emails or simply stopped carrying traffic from sites spouting a huge amount of email.
"If you are going to send all of this crap over my network, damn right, you should pay for it," he said during a question-and-answer session after his speech. At least with junk mail, "you know someone had to put it together and send it."
Legislation won't be the answer, according to Thompson. "I don't think it is enforceable. How does the US enforce spam? How does Virginia stop spam? It is illogical," he said.
Did you find this article useful?
61 out of 110 people found this useful
- Share this article:
