Scary security numbers from Trend Micro

I often tell people that the state of information security is far worse than they think. Yes, I realize that the security industry loves this type of messaging because fear sells product, but I truly believe that things are really bad.

This morning I met with security company Trend Micro to discuss security trends and upcoming products. The data that Trend presented was even frightening to a security pessimist like me. Case in point:

1. Newly created Web threats grew 1,564 percent from Q1 2005 through the end of 2007. That's nearly 200 percent growth every quarter. This is due to the large number of variants written off of a base of the original threat.

2. In 2005, Trend examined less than 1 million malicious code patterns. In 2007, there were nearly 5.5 million malicious code patterns. In the first four months of 2008, Trend has already seen more than 2 million.

These numbers point to the fact that the bad guys are winning. Even the most sophisticated security departments at enterprise organizations are no match for this onslaught. We really need to re-think our security model by adding "up the stack" layers of defense (i.e. more application protection), building in end-to-end trust, and working with expert security service providers like Trend Micro and others.

Note to chief information security officers: The worst thing you can do is go it alone.

Jon Oltsik is a senior analyst at the Enterprise Strategy Group.

[krosavcheg]

www.qualys.com Do a free scan at least.

[mbuzdor]

The security world is VERY scary. I worked for a US-wide chain of consumer IT support that is a subsidiary of the largest electronics retailer in the world (you know who I'm talking about-you know, those "geek" guys) for 3 years, and 80% of all the work we did was removal or prevention of viruses/spyware. The fact that no one security solution is enough any more says a lot. The average internet user, equipped with antivirus and one antispyware program will still become infected. And Vista has seen little improvement concerning these internet-based spyware attacks. If one is accidentally installed, not only does Vista not prevent them as much as its creators would like to believe, but the results are more devastating and harder to recover from with Vista. Although Vista is honestly vulnerable to fewer of these spyware/adware intrusions. In order to stay secure, I used to run antivirus software, 2 antispyware programs; one actively running in the background, the other more directed at scanning, a hardware firewall (in a router) AND a software firewall. With all that, my wife still got my computer infected simply by clicking on the wrong ad. That was 4 years ago...

It's a scary world out there on the web, but what I have noticed that makes the most impact is safe browsing habits. Here's what I do:
1. Never click on ads, even if they seem interesting or genuine.
2. Never open emails from senders you do not know.
3. Never click on links sent over instant messengers.
4. Avoid public blog/social sites as most of them gain 100% of their revenue through ads and do not test the companies that pay them to put ads up; therefore many of the ads are infectious.
5. Avoid using search engines and when using them, only click on results that the domain name is evident and clearly related to your search.

Using these browsing habits, I have cut down my security to an antivirus solution and a router and have not been infected in 4 years.

And then there's wireless; I avoid it at costs. But that's just me.

[benjaminstraight]

Curiousity is what gets people.