We have a massive problem with the Internet. The massive penetration of malware has reached epidemic proportions, and it’s hard to see how to fix it. This PDF has some great slides that show how the malware industry works.
Everyone you ask will have a different target to blame: Microsoft, application vendors, insecure protocols and standards, the police, clueless users . The real problem is a network effect - it really takes a combination of failures to make this problem as gigantic as it now is. There is a real risk of the end of the Internet as we know it.
A good example of this is the Storm Worm. When this hits, we could see the largest piece of military or economic infowar ever undertaken, presumably depending on who they auction their network to. Seriously, this is going to be huge.
Unless the security community take their responsibilities seriously and combat this directly, it’s hard to know how the Internet can cope with such widespread infection. However the state-sponsored police organisations are woefully clueless, and the guys who know what to do are paralysed by fear of prosecution, fear of making a mistake, and fear of execution by Russian hit-men. Seriously. If this was a movie, you wouldn’t believe it.
Good job I use Mac
Those who know know that this isn’t fantasy. One comment: the problem is that there’s no such thing as the “security community” — as you say, those with power are clueless, and the others are in hiding; then there are vested interests like Microsoft who could have fostered a secure ‘net but saw nothing in it for them, only the cost of replacing Windows which the winds howl through. Instead they fostered a minefield.
Re vested interests: On the one hand there are powerful companies (like MS) who had little incentive to address growing security problems. Then there are other legitimate companies who positively benefit from it, like Google profiting from click fraud, and anti-virus vendors who have no incentive to stemming the tide even if they could, and have a vested interest in cultivating a climate of fear.
I am reminded of a piece by Naomi Klein in yesterday’s Guardian about disaster capitalism and the vested interests in promoting a feeling of insecurity.
But perhaps we’re not still not feeling as insecure as we should.