Security Trends

MalwareLike everything else about technology, viruses evolve. They appear everywhere from social networks to your smartphone, so being prepared is more important than ever. By Drew Turney.

Despite conventional wisdom, the biggest change in the computer virus hasn’t been the Internet. In the early web era the basic security methodology hadn’t changed since we passed programs around on floppy disks – be careful what you install. Being skeptical of spam with dodgy attachment was protection enough and even if you were caught out, malware often did little more than copy and send itself to all your contacts, it didn’t empty your credit cards.

The biggest changes have been twofold. First, the new computing landscape means you don’t need to install nasty bugs to fall victim any more. And second, what used to be about bragging rights for computer nerds is a lucrative commercial enterprise that costs the global economy US$114bn annually in direct losses ($1.8bn in Australia) and another US$274bn lost while businesses to get back to operating capacity.

Rather than deface or cripple your website, crooks today want to get in and out without you even knowing. The whole point of phishing, for example, is to trick you into giving them login information to your bank or Paypal account.

Over the last few years, social networking has overtaken email as the killer app of the Internet and as we’ve flocked to Facebook, Twitter and LinkedIn, data pirates follow. Our mass connectedness has seen the rise of social engineering, the online equivalent of a confidence trick designed to fool you into giving up passwords or other access that leads to identity theft.

But even if you’re vigilant about your own information, friends you’re connected to are likely connected to people you don’t know, and just one weak link gives hackers open slather across your networks. A message from a friend about a cool Facebook game might seem harmless, but your friend might not have sent it, the ‘game’ actually a self-replicating app that sends your message history to Russia where crims can scan it for your credit card number.

The other new Wild West for hackers is malware that targets mobile operating systems like Android, iOS (iPhone) and Windows Mobile. Sometime this year smartphone handsets will outsell PCs and by 2015, we’ll be using them to access the Internet more than desktop systems.

That’s a sobering thought because most of us don’t realise our flashy phone full of apps is a fully featured computer, and we’re not nearly as careful with mobile data as we are on PCs. Scarier still is that last year Google said 48 percent of Australians had used a mobile for financial transactions – more than in the UK, Japan and France.

In taking up the smartphone in record numbers (the growth rate of our adoption in the Asia Pacific region is second only to Singapore), we’ve opened ourselves up to the hundreds of new vulnerabilities identified over the last two years, a number that will keep skyrocketing along with our love affair of mobiles and tablets.

But the effort to fight back continues apace. Change will come about firstly because of the increasing popularity of BYO devices in the workplace. Rather than carry a corporate phone workers want to use their own personal devices with all the security vulnerabilities the mobile operating systems bring.

With more sensitive corporate data on handsets, the security burden across the entire mobile sector will start with corporate IT departments and (hopefully) educate us all about mobile security.

Security vendors are also protecting us/getting a slice of the action (depending on your capitalist worldview). The world’s data footprint (the amount of computer data that exists) is growing at a whopping 40-60 percent a year, and scanning it all in realtime as it transmits will only cost more in system resources. Older methods like heuristic signatures are combing with reputation-based file profiles reported by an entire customer base to make virus protection faster and smoother.

Once again, it’s a brave new world in the arms race for control of your data.