Newsmaker: Don't be so quick to click that Web page

What a world. First worms and viruses, then phishing schemes. But now, cautions Trend Micro Chief Technology Officer Raimund Genes, your online life may get that much hairier.

Welcome to the brave new world of booby-trapped Web pages. If Trend Micro's predictions hold up, more cyberattacks will originate from the Web than they do from e-mail.

That shift is expected to take place sometime next year, according to Genes. CNET News.com caught up with Genes to find out how he sees the battle lines shifting.

Q: At the Gartner IT conference earlier this year, you talked about how Web threats are going to outdo or surpass e-mail threats. Can you flesh that out a bit? What do you mean by a Web threat?
Genes: Yes. A Web threat is something which uses the Internet to execute malicious activity. So, for example, even something which arrives via e-mail, if it can't survive without additional downloads from the Internet, it still constitutes a Web threat. It might be an e-mail containing a URL, but all the rest works via the Internet.

If an e-mail contains the URL, does it qualify as a Web threat or is it still an e-mail threat, according to your definition?
Genes: It's a Web threat because everything which needs the Internet to execute a malicious activity is a Web threat. What we are also seeing among enterprise users, with pretty tight security on e-mail, is that the main infection vector is actually over the Web. They do a good job in e-mail filtering, but a bad or no job at all when it comes to Web filtering.

Is that the only reason that Web threats are becoming bigger?
Genes: No, it's also because it's more attractive for the bad guys. If Webmasters are careless, then you have a perfect infection scene. You have a silent killer and you don't have the e-mail evidence to trace it back to the initial infection scene. It's perfect for espionage and all kinds of stuff.

If Webmasters are careless, then you have a perfect infection scene. You have a silent killer and you don't have the e-mail evidence to trace it back to the initial infection scene.

Are these Web threats targeted at a particular audience or are they pretty much trying to get whoever they can get?
Genes: Overall, they try to get anyone they can because it's mainly to plant a bot or to hijack a computer. Let's face it: everybody is a consumer somehow--especially the enterprise users who use a notebook at home.

How do you defend yourself?
Genes: You could outsource e-mail security. But with Web security, it's more difficult. You're talking about massive investments from the hosting sites to do this at an acceptable speed via an external proxy. I haven't seen this model really working. There are some start-ups offering this, but I wonder how much money they lose every month.

What can consumers do to guard or protect themselves?
Genes: They could do a lot. They regularly have to patch the operating system and the browser. No. 2: They should use alternative browsers. They shouldn't use widespread browsers like Internet Explorer. This doesn't mean that Firefox does not have vulnerabilities, but most of the Web threats we are seeing are connected to having Internet Explorer. By moving to an alternative browser, you already do a kind of risk mitigation.

You're not saying the solution is to install some kind of security software?
Genes: No. Of course installing security is, for me, baseline. It's like patching an operating system. But look: We could come out and say we will be able to protect all our users. But we never will be able to offer 100 percent protection. Nobody can.

More Newsmakers

[shane--2008]

and still...

99.999% of these threats will only work with a microsoft product.

and people still don't understand.

[cascadia4]

and you don't think...

And you don't think that as market share transfers to Linux or Mac that the people who build these malicious codes won't turn their attention to those operating systems?

[Below Meigh]

What a foolish response!

Or should I state, ignorant response? Myspace had many faults with embedded problems loading QT movies that users had on their sites. It was more than a week after the nefarious issues was public that Apple released fixes for QuickTime. Yes, Windows is a serious of holes, but don't think that there aren't issues with Linux nor Mac OS X. Once the malicious find a hole, they'll exploit it, and sooner than it will (eventually) get fixed.
Being naive to the internet's insecurities is the reason there are problems to begin with.

[cowtown75]

Web security - Identifying Malicious URL's

I would like to recommend on a very useful and FREE Web safety plug-in called Finjan Secure Browsing.
It adds safety ratings to URLs showing on search results and popular websites, to help protect you from spyware, adware and other web-borne threats. This cool plug-in scans URLs in real-time using unique proactive security technologies. This morning it helped me avoid one when I was using the web to get the distance from Columbus, Ohio to Tashkent, Uzbekistan.

To try Finjan Secure Browsing, go to http://securebrowsing.finjan.com/.
Its free.

[Penguinisto]

phishtank works well too

-it was originally built to warn folks of phishing sites launched from email. Google, Firefox as well as Opera (I think?) use it as a realtime blacklist of suspicious sites.

Can't see why it couldn't be expanded on a bit...

/P

[hadaso]

If you don't want a website to install malware on your PC jusr don't let it

Don't browse the web with administrative privileges. There is no reason to give every website the right to administer your machine (and then use an obscure browser an tons of "security products" to try to overcome the damages of the malware you let in through your front door!

[Macsaresafer]

Lots of Windows software has admin rights.

You may not be logged in as an admin, but your software can easily
get those rights. If you really don't want this to happen, you need
to use a safer operating system. None are 100% safe, but ALL of the
alternatives are much safer than Windows.

[Dr_Zinj]

Web pages eh?

Now that brings to mind a neat infection concept.
"Binary munitions" or in this case, multi-partite malware. Browse site one and it stuffs a peice in your RAM, browse site two and it sticks another peice in your RAM, etc until it accumulates all the peices, one or more of which activate the program when conditions permit it.

[mhinnewyork]

DropMyRights can help

The free DropMyRights program can run any application in restricted mode while the user is logged on as an admin. See this article from my Defensive Computing blog at blogs.cnet.com.

Every Windows XP user should drop their rights
http://www.cnet.com/defensive-computing/8301-13554_1-9756656-33.html