Windows Attacks - Malware, Spyware, etc.

by Ed Sawicki
Accelerated Learning Center
Tailored Computers

August 25, 2004

McAfee's presentation at the recent PANUG meeting had one central theme: We're going to be spending a lot more time and money protecting Windows computers. Windows malware is becoming a critical business problem.

Why?

The McAfee presenter said that viruses and attacks are coming more frequently and are more sophisticated. Everyone I talk to seems to agree that the average time to infect an unprotected Windows computer connected to the Internet is now 20 minutes. That's not enough time to fetch and install patches. This puts Windows software distribution in jeopardy. Shipping buggy software and expecting users to patch the system in the field no longer works reliably.




This is why Microsoft is making a big deal about how XP SP2 enables the firewall before the system connects to the Internet. Given the sophistication of recent attacks, it's doubtful that SP2's firewall will solve the 20-minute problem. Not only is XP's ingress-only, packet-filtering firewall ineffective against sophisticated attacks, all firewalls are becoming ineffective at stopping Windows attacks.

It's difficult to prevent malware attacks now and may be nearly impossible in the future. It's becoming difficult to detect malware running in your computer now and it will be more difficult in the future.

More Sophisticated

Malware writers are using techniques that are far more sophisticated than I thought a week ago. A few days ago, I was referred to a series of stories called Follow the Bouncing Malware. The story is in parts.

Part 1

Part 2

Part 3

Part 4

Part 6

Part 7

Part 9

For many of you, trying to follow the details of the attack will be too tedious and you'll bail out before reading most of it. Just know that these attacks are very difficult to detect and protect against.

How much more money?

How much more money should businesses expect to spend maintaining Windows environments? One of McAfee's boxes that addresses the malware problem costs $100,000, with annual support on top of that. There are cheaper units for smaller companies, but their cost is still a good chunk of your salary. IT budgets will need to grow to handle this protection.

Remote Detection & Prevention

I have no idea how well McAfee's units function at malware detection and prevention. However, McAfee got it right when they decided to put malware detection and prevention in an external box. Virus scanner programs that run on the computers that might be infected have always been a poor design.

A different approach to malware detection and prevention is taken by Tailored Computers, my company. We've designed a system that detects nearly all forms of malware and prevents most of it from "phoning home". Our system can also notify you when one computer in the company tries to infect others.

Our system does not rely on knowledge of how individual malware operates, eliminating the need for frequent updates and expensive annual contracts.
