Advertisement
Promo

Security threats Toolkit

Symantec CEO urges shift in security tactics

Michael Kanellos CNET News

Published: 20 Nov 2003 09:50 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Better computer security can be achieved, but it is going to be a mammoth task, according to John Thompson, chief executive of Symantec.

The increasing number and sophistication of computer attacks requires that companies, businesspersons and consumers rethink their strategies for dealing with worms and other exploits, Thompson said during a keynote speech at Comdex in Las Vegas on Wednesday. The focus on security needs to shift from cleaning up after a problem to anticipating potential problems, he said, with automated patch management and better coordination of software and hardware.

"Security needs to move beyond its niche focus," he said. "We need more integrated security technologies."

Otherwise, it will be impossible to keep up, Thompson claimed.

"More than 100 new viruses are identified every week -- and 60 new software (problems) every week," he said. "We saw a 19 percent increase in attack activity in the first half" of 2003.

Nastier types of bugs are also being developed all the time, he noted. In the relatively near future, the world will likely see the debut of damaging threats the industry is calling "Warhol" attacks, as they are likely to achieve fame by spreading across the Internet in 15 minutes. "Flash" threats might be able to blanket the Internet in 30 seconds.

"Day Zero" threats, which exploit previously unknown vulnerabilities, will hit without warning, the Symantec chief added.

To further complicate things, the rise in attacks will occur in tandem with a growing need to simplify technology, he said. In Boston, for example, the Internet Home Alliance, a trade group dedicated to promoting the connected home, is running a pilot scheme that has 20 families living in fully Internet-enabled homes and reporting about their experiences. Such Web-connected appliances will have to be properly protected against hacker attacks.

"There may come a point where users look at technology as more of a liability," Thompson said, adding that the modern version of hell just might involve being "condemned to set up a home Wi-Fi network linking a number of PCs with a badly written manual and technology support, putting you on hold for eternity".

That security problems remain rife doesn't mean the topic isn't being taken seriously by the industry and its customers. The US government is providing $30m (£19.2m) to the US Office of Personal Management's Cyber Corps Scholarship For Service program, to encourage college students to go into the security technology field. In the program, students are given scholarships, but then have to work for the government for a limited time after graduation.

Corporations are also taking action to stem attacks, such as creating more homogeneous computing environments or taking part in initiatives such as the Network Admissions Control programme to ban insecure mobile devices from corporate networks, announced Tuesday by Cisco Systems.

Thompson stated that a shift to Linux from Microsoft wouldn't be a sure way to avoid the kind of recent suffering caused by viruses that exploited holes in Microsoft code.

"If and when the Linux target set gets as rich as Microsoft's, I believe you will find more vulnerabilities than you do today."

Spam -- for a fee
In his keynote, Thompson largely showed the confidence of someone who has delivered a lot of speeches, but he did show some fire when the follow-on discussion came to spam, or unsolicited junk email. He hates the stuff -- more specifically, he hates that network providers don't stop it.

The problem, he maintained, could be solved if carriers charged spammers for sending hundreds of thousands of emails or simply stopped carrying traffic from sites spouting a huge amount of email.

"If you are going to send all of this crap over my network, damn right, you should pay for it," he said during a question-and-answer session after his speech. At least with junk mail, "you know someone had to put it together and send it."

Legislation won't be the answer, according to Thompson. "I don't think it is enforceable. How does the US enforce spam? How does Virginia stop spam? It is illogical," he said.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
62 out of 112 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:








Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters