[Infowarrior] - Internet security moving toward "white list"

[Richard Forno]

Internet security moving toward "white list"
A sea change in how computers are guarded is on the way, with anti-virus
vendors looking to reverse their protection philosophy
September 17, 2007
By Peter Nowak, CBC News

http://www.cbc.ca/news/background/tech/privacy/white-list.html

Internet security is headed toward a major reversal in philosophy, where a
"white list" which allows only benevolent programs to run on a computer will
replace the current "black list" system, which logs and blocks an
ever-growing list of malevolent applications, internet security giant
Symantec Corp. says.

The number of malicious software attacks, including viruses, Trojans, worms
and spam, is rising exponentially, dwarfing the number of new benevolent
programs being developed, making it increasingly difficult for security
firms to keep up.

The solution, according to Symantec's Canadian vice-president and general
manager, Michael Murphy, is to reverse how protection against such attacks
is provided. Under the current system, a security firm discovers a new
threat, adds it to its black-list database and updates its customers'
anti-virus software to combat the problem. A "white list" would instead
compile every known legitimate software program, including applications such
as Microsoft Word and Adobe Acrobat, and add new ones as they are developed.
Every program not on the list would simply not be allowed to be function on
a computer.

"This is the future of security technology," Murphy said at a presentation
of the company's twice-yearly security report on Friday. The trick is to
develop a "global seal of approval."

A white list would likely require co-operation and funding from a majority
of players in the technology industry. Industry observers think it is a good
idea, but it raises several issues. The oversight body would have to be
neutral, mindful of open-source software ‹ which is quickly and often
modified ‹ and speedy in its approval process.

"The bad guys are moving quickly and the good guys are moving quickly and
the innovators are moving quickly. If the judges are taking months to judge
things, then that's not fair to anybody," says Bill Munson, vice-president
of the Information Technology Association of Canada. "That's not in the
industry's or society's interest."

In its security report, Symantec said the incidence of malicious code was up
drastically in the first six months of 2007. Symantec found more than
212,000 new malicious code threats, up 185 per cent from the last six months
of 2006. Trojans, or programs that appear to perform one function in order
to hide a malicious one, made up 54 per cent of the volume of the top 50
malicious code reports, up 45 per cent over the prior six months.

Trojans are particularly on the rise in North America, Murphy said, because
Canadian and U.S. internet markets are more highly developed and thus
protected from less-sophisticated and easy-to-identify attacks, such as spam
and basic viruses.
Hackers beginning to steal from victims

The other big trend, Murphy said, is that hackers are no longer perpetrating
attacks just for fun. Rather, these people are increasingly looking to
extract money from their victims.

"This is a sea change," he said. ""It's not just a pimply-faced boy in his
parents' basement. That certainly may be part of the situation, but now it's
for profit."

Would-be hackers can buy software toolkits that allow them to create their
own phishing attacks, where the criminal tricks a person into disclosing
sensitive information such as a bank account number, for about $1,250. The
black market for stolen information gleaned through such an attack can be
lucrative, with an e-mail password selling for up to $350 US while a bank
account number can fetch up to $400 US, Murphy said.

In the first six months of 2007, Symantec found 8,011 distinct credit cards
being advertised for sale on the black market, but that number represented
only a small portion of the total being sold. The advertised card numbers
are used only to attract buyers, who then purchase numbers in bulk, which
are not advertised.

Symantec said about 85 per cent of the stolen card numbers in circulation
are American in origin, but did not disclose how many came from Canada.

Overall, Canada has fared well in combating malicious attacks, particularly
spam. In the past, Canada has ranked as high as fifth in the world in terms
of the volume of spam that is received, but internet service providers here
have done an excellent job of attacking it, Murphy said, with the country
dropping to 12th in the latest study. However, the bad news is that spam
still accounts for 61 per cent of the world's e-mail, up from 59 per cent in
the previous period.