:: EXECUTIVE BRIEFINGS ::
A big question in the world of malware, says Mary Landesman, senior security researcher for ScanSafe, is whether rules and regulations can be developed and applied with enough flexibility to make them effective. There is no doubt that regulators and legislators have their hearts in the right place, but the foes are so clever and agile that instituting a set group of rules may make malware-fighters' jobs more cumbersome — and even eliminate some existing protections.
The world of malware is changing. Until relatively recently, mass and indiscriminate attempts were made by the dark side, hoping that just a small percentage of attacks would succeed. Today, says Mike Sunner, the chief security analyst for MessageLabs, far more targeted attacks address potential victims by job title and even name. The costs of these exploits are more difficult to determine, he says.
There are two classes of threats from malware, says Computer Economics president Frank Scavo. The first — and older — are direct attacks that seek to do as much damage as possible. Indirect attacks are far more insidious efforts aimed at stealing information that can be parlayed into bigger paydays.
The good news is that every threat on the Internet is met by a large group of clever people who want to make a name — and some money — by figuring out how to fix things. Evolving approaches, says Third Brigade CTO Brian O'Higgins, are host intrusion prevention systems that prevent malware from doing its nefarious jobs until a patch can be deployed.
