It's increasingly evident that antivirus programs, firewalls and other procedures are throwing a monkey wrench into crackers' plans, including efforts to create botnets.
A particularly insidious way of raising these dark armies is by infecting unsuspecting machines through their browsers when they visit otherwise legitimate sites. Distributing malware by such methods is akin to contaminating the food supply. The food is bought by a legitimate store or restaurant in good faith, but it infects customers before the owner has any idea that there is a problem. This Nick Carr post at Rough Type has some numbers on how often this is happening, and the picture isn't pretty.
Carr's post is in reaction to the news that the company with just about the most at stake -- and with the most opportunity to do something to meet the challenge -- is getting into the act. A paper entitled "The Ghost In the Browser," written by a group of Google engineers, outlines plans to combat these attacks.
Search engines create entries using data collected by software programs -- called spiders -- that continually traverse the Internet. The Google researchers plan to add code to the company's spiders that will segregate pages that appear to be trying to do something underhanded. Those pages will be subject to further tests. If found to be malicious, they will be listed in the search engine with a warning label.
Such a move -- which undoubtedly will be emulated by the other search engines -- will be fascinating to watch, especially at the beginning. At first, a tremendous number of legitimate sites will be saddled with the warning label. An uproar will ensue, which will be worth the price of admission (at least to journalists). In the long run, however, this is a major move toward securing Web 2.0, a vision of the Net that is more open, interactive and collaborative -- and vulnerable to mischief.
The plan as described by Carr's blog and the Google paper seems like a necessary step. The final result will be that the food fight between the good guys and the bad will resume on this battlefield. (Can crackers break or circumvent the updated spiders?)
Despite the scary headlines, the institutional advantage generally rests with the white hats. There is a lot of inertia, but once the industry sees its existence threatened, it takes action. Consider how deployment of firewalls and intrusion detection systems and adherence to best practices have become de rigueur. The struggle between this establishment and the dark side is entering a new and perhaps more intense phase, however, as organized crime moves more fully into cyberspace. In that context, the emergence of Google as a major player in the next iteration of the security wars clearly is good news.