======================================================================== SECURITY ADVISER: WAYNE RASH http://www.infoworld.com ======================================================================== Thursday, September 16, 2004
Network protection commentary by: Wayne Rash A LITTLE PERSPECTIVE, PLEASE By Wayne Rash Posted September 10, 2004 3:00 PM Pacific Time When I started writing this column nearly two years ago, the first thing I did was to warn that the problems of worms, viruses, and other malware were going to get a lot worse very soon. I was almost right. Worms and spyware (which I didn't mention at the time) are orders of magnitude worse then they were in the first days of 2003. The virus problem seems to pale in comparison. A new problem, phishing, has appeared. And of course, spam has reached the point where it's the majority of all e-mail. ADVERTISEMENT -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- SSL or IPSec: Which VPN is best for remote access? Your users want access to more applications, from more places, using more devices. To accommodate these demands and still protect the network from increasing threats, you need greater control over access from kiosks, PDAs, and home PCs. Clientless SSL VPNs are more secure, easier to manage, and cost less than IPSec VPNs. Learn more about the differences in Aventail's free white paper, "Comparing Secure Remote Access Options: IPSec VPNs vs. SSL VPNs." http://newsletter.infoworld.com/t?ctl=8BD2D9:2B910B2 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- In those days, it was clear that worms would be come a real threat, and they have. In fact, the threat became so bad that Microsoft had to respond with a major new upgrade to Windows much sooner than the company had originally planned. Companies everywhere, in the meantime, must spend their IT dollars just keeping these problems at bay. Worse, there's no clear end in sight. But at least there are hopeful signs. Major ISPs now automatically scan for worms and viruses sent to their customers. Anti-virus programs scan for them as well. Likewise, major ISPs are short-circuiting spam before it ever gets delivered. Companies are doing the same thing, sparing employees from the productivity-sapping need to unclog their mailboxes. While it's unlikely that such steps alone will eliminate spam or worms, it at least gives users of such services some breathing room. Even better, if enough providers and enterprises attack the problem, it may make spamming, at least, less profitable. Worms, unfortunately, don't seem to be related to a profit motive. Phishing is the next big threat to the enterprise, both because it can be effective at compromising security, and because it removes e-mail as an effective means of contacting customers about business. Unfortunately, there don't seem to be a lot of automated anti-phishing tools available right now, which means that all you can do is train your employees how to spot a phishing attempt and what to do about it. What's frustrating is that in nearly two years, so little has changed. Although viruses seem to be going away, I suspect it's only because the virus writers would rather write worms. Meanwhile, phishing schemes and spyware add new threats we didn't think much about until recently. Unfortunately, even if you do everything right, you can't always stay ahead. But that doesn't mean you should abandon hope. If you play close attention to the basics, you can stay on top of the flood of bad stuff. Yes, it means that you must spend too much time with patch management, you must keep a constant eye on vulnerabilities, and you must work without end to keep your users trained. But you should be doing that anyway, right? As you may have gathered from the nature of this column, this is my last column for InfoWorld. P.J. Connolly will get this space back starting next week, and he will share his unique and always interesting thoughts with you. I'm already looking forward to his first column, in which, he tells me, he disagrees with something I said. Before I go, I must say thanks. First, I want to thank my editor, Stephanie Sanborn, who put up with me for all this time. For Stephanie, the ultimate praise: I'm a better writer because of her efforts. Second, I want to thank you, my readers. While I've been writing to you, I've had praise and brickbats, interesting comments and silly ones. But you never let me forget that in the end, I'm writing for you. Good-bye, and thanks for reading. Perhaps our paths will cross again some day. Wayne Rash is a senior analyst at the InfoWorld Test Center. ======================================================================== Keep Up with the (Dow) Joneses - and Everyone Else InfoWorld Test Center technical director Tom Yager knows lots of technologies, companies, and strategies. That's why you're likely to find out about something you didn't know in every issue of his free weekly Enterprise Strategies newsletter. From how to pick ASPs to the marriage prospects of P-to-P and B2B. Hey - every good idea is working for somebody, maybe even your competition. Subscribe at http://newsletter.infoworld.com/t?ctl=8BD2D5:2B910B2 ADVERTISE ======================================================================== For information on advertising, contact [EMAIL PROTECTED] UNSUBSCRIBE/MANAGE NEWSLETTERS ======================================================================== To subscribe, unsubscribe or change your e-mail address for any of InfoWorld's e-mail newsletters, go to: http://newsletter.infoworld.com/t?ctl=8BD2D6:2B910B2 To subscribe to InfoWorld.com, or InfoWorld Print, or both, or to renew or correct a problem with any InfoWorld subscription, go to http://newsletter.infoworld.com/t?ctl=8BD2D8:2B910B2 To view InfoWorld's privacy policy, visit: http://newsletter.infoworld.com/t?ctl=8BD2D7:2B910B2 Copyright (C) 2004 InfoWorld Media Group, 501 Second St., San Francisco, CA 94107 This message was sent to: [EMAIL PROTECTED] ------------------------ Yahoo! Groups Sponsor --------------------~--> $9.95 domain names from Yahoo!. Register anything. http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/BCfwlB/TM --------------------------------------------------------------------~-> <a href=http://English-12948197573.SpamPoison.com>Fight Spam! Click Here!</a> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/kumpulan/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
