Transitions: welcome to the new old world

2011-01-01

Andrew Lee

Independent researcher, UK
Editor: Helen Martin

Abstract

Andrew Lee takes stock of the anti-malware industry and the world at large as we stand on the cusp of a new decade.


We stand on the cusp of a new decade (figuratively speaking, of course – actually standing on a cusp might be somewhat impractical): the second decade of this century. It should therefore come as no surprise that every journal, blog, television channel and newspaper is awash with retrospectives of the last ten years and jammed fuller than a Christmas/(insert your feast day of choice) postprandial stomach with predictions for the future. Humans seek out patterns (not signatures), and the cyclic positioning of the earth and other planets around our closest star is a pattern that provides endless opportunities for pontificating on the past and future.

Indeed, plenty has happened in the last 10 years. If the news reports are to be believed (and personal experience as a frequent flyer suggests they are), we have moved into a very different world from the one we inhabited in the year 2000.

In late 1999, many of us spent countless (ultimately wasted) hours supposedly preventing the end of the world. This was to be visited upon us in the form of the ‘Y2K’ problem – a global apocalypse which turned out to be not much more than an excuse to laugh at very solemn news reporters who had nothing to report for 12 hours, as we (Poor Bloody Infantry in tech support) sat in our offices playing solitaire, watching our servers not exploding, and rubbing our hands in glee in anticipation of large overtime payouts. But this, it seems, was only the harbinger of a series of real disasters which ultimately served to demonstrate that the world (like its media organs) is irretrievably bound together by instant communications, and relies to the point of absurdity on the Internet as a means to transmit, store and disseminate information.

This turbulent past decade has brought us through tragedy: the destruction by terrorists of New York’s World Trade Center (amongst other terrorist acts), the deaths from tsunamis and floods in Asia that killed hundreds of thousands and displaced millions, hurricanes in the USA that killed thousands more, wars (not only in Iraq and Afghanistan), ethnic strife in Darfur, earthquakes, famines, fires, mining disasters, oil spills, and the collapse of both the dot-com industry and (more recently) almost the entire global economy. Whether this is truly worse than, say, the years 1914–1918, when millions were killed in global wars, or 1665–1666, when Londoners faced plague followed by fire, or the countless wars, famines and disasters stretching back through history, is perhaps only a matter of perspective – there are few people alive who can say that they lived through those times.

We also saw the emergence of incredible new technologies (or ‘magics’, as Arthur C. Clarke might have described them), and amazing positive change. This was the decade that truly saw the coming of age of mobile computing (smartphones, netbooks, laptops and now iPads) as a phenomenon. Medical science saw the mapping of the human genome, the cloning of livestock, the creation of non-embryonic stem cells for research and the elimination of the Rinderpest ‘cattle plague’ virus. Engineers oversaw the construction of the world’s tallest building – the 828m Burj Khalifa Tower in Dubai (although quite what it’s for is another matter). Brazil and India experienced incredible economic growth, lifting millions out of poverty. And in entertainment, James Cameron made Titanic and Avatar, the two highest grossing movies of all time (though perhaps I should have added those to my negatives list, along with the potential cloning of celebrities and the technology that enables endless replays of yesterday’s Christmas hits).

Putting change into context

So why start like this? What does any of this have to do with security, and in particular anti-malware?

Well, for one thing, it seems important to put change into context. As so many have pointed out in retrospectives, the massive ‘Internetization’ (let’s see if that one makes it into the Oxford English Dictionary in the next decade) of the world has meant that we have moved from hobbyist, slow-spreading viruses that we could inspect and analyse at our leisure, to a global swarm of malicious software used for criminal exploitation. We can clearly see from history that wherever technology leads, crime will follow. The turning points can easily be identified: Loveletter, Slammer, Blaster, Bagle/Netsky, Storm, and most recently Stuxnet (to those who still care about naming, I apologize for using populist names).

Of course, crime has always existed online – AOL password stealers, trojan diallers and so on have been around since the early days – but the scale now is simply staggering, as is the convergence of the ‘undesirable’ elements of Internet life: phishing, spam, spyware and malware, exploits and scams. The Internet has become a monster, and the criminals have successfully ridden its back as it has rampaged across the face of our civilization.

It is fashionable in some circles – unfortunately the ones in which many of us move – to discount the anti-malware industry as a hopelessly beleaguered dinosaur, still peddling its snake oils and balsams to the gullible and guileless user. The seismic events that caused the destruction of those ancient noble beasts have their parallels in the modern day, but despite the constant buffeting and an occasional fiery meteor, the AV industry prospers and indeed thrives. Conspiracy theorists may point to the past ‘signatures is all we do’, and highlight our failures – but they truly fail to appreciate the incredible innovation that has driven this industry forward.

How many products can claim to have such a broad reach, be updated so often, have such versatile functionality, and yet operate efficiently at the very lowest levels of modern operating systems (themselves unbelievably complex beasts)? Apart, of course, from the peddlers of rogue anti-virus for whom the process is as simple as writing a few more Javascripts and processing the income.

A dark corner

Let us, then, imagine how a world without anti-malware might look. In fact, we do not need to stretch our imaginations too far. There is one dark corner of our universe where security still plays second fiddle to ‘usability’; here the users remain blissfully unaware of the dangers that lie in wait for them, and they have no way of even knowing that such dangers exist. Of course, I’m talking about the wonderfully designed world of Apple Mac.

Here, it is still rare to find a voice that will openly admit that there is any problem, that there could ever be any problem, or that such a problem might be worth tackling. We, as anti-malware and security practitioners, know that from such gossamer we can stitch the emperor’s new clothes; and we know that all that stands between the Mac user and the apocalyptic floods of malware so well known to the Windows user is economics – market share.

Why, when they are so successfully depleting the financial reserves of hapless Windows users, would an attacker bother with a lowly OS that has only around 5% of users? Indeed, anyone who bothers to track these things (as I have been doing for over 10 years) will know that as the market share of Apple has grown, so have attacks on users of Apple’s products – in exactly the same way that the growth of social networks such as Facebook and Twitter has given rise to malware for those facets of what might be termed the ‘Internet operating system’.

So we could come to a point where the user might have no knowledge of any malicious exploitation, simply because there would be no ‘sentient’ program which might inform him of such activity. Just imagine the disaster if this were true today in the Windows world. In an alternative reality where this industry did not exist, everyday corruption and fraud would exponentially increase the negative impact on our global economy, which would stifle take-up of technology and ultimately drive millions back towards poverty. Megalomania? I don’t think so. The very real truth is that, on the whole, this industry does a thankless job in a situation in which the attacker constantly has the advantage – yet it does that job unrelentingly, and some of the world’s finest minds are bent towards ensuring that the levees do not break, that the missiles do not cause widespread destruction, and that the digital hurricanes do not leave millions at the mercy of the criminal elements that would so love to exploit them.

Making a difference

As we move into a new decade (or rather, as the earth continues to take its customary route around our central star) we surely will face new challenges. And, as we face those challenges, we will struggle to do all that we can to provide innovative protection, we will do all we can to stay one step ahead of the attackers, and we will try, against the odds, to stem the tide.

Sometimes we will fail for some of our users. Sometimes we will wish we could have done better. Sometimes we will be slated for it in the media. Sometimes people will stand up and say we’re worthless. Sometimes we will wish that we could have a time machine, or a flying car, or that we could develop prescient powers greater than Nostradamus.

But at other times we will succeed. And those will be the times when we justify our existence. Because a user somewhere didn’t lose their credit card details; because a child wasn’t exposed to pornography; because a factory didn’t get shut down by malware and the workers kept their jobs; because Grandma still got that email with pictures of her new baby granddaughter.

The fact that sometimes we will miss our targets, or fail to protect where we might have done, makes us no different from any army in the world – but for all that, we know that we still make a difference. So, here’s to the next decade, where we will look back and wish for the quiet halcyon days of the 00s – or at least hope we won’t have to balance precariously on any more cusps.
