Security Predictions for 2008
Roger Grimes over at InfoWorld provides some of his predictions on the state of security in the new year.
First, the good news
Overall, compliance laws (and years of bad press) finally forced most organizations to encrypt more data and laptops by default. Chances are these days that if a thief steals a laptop it will be password protected and its data encrypted. More developers are utilizing SDL (secure design lifecycle) in their programming, taking into account from the beginning the malicious risks posed to and by their applications. Overall, exploits aren’t down significantly, but they are in the software where SDL is used. In addition, more organizations are using stronger password policies and two-factor authentication. The number of identity thefts has leveled out or even begun to drop. All of these trends are good.
Now, the bad news...
Sadly, the overall computer security picture hasn’t changed much. The Internet is still a very dangerous place to compute. Malware, adware, and spam still make up a very large portion of Internet traffic. Professional criminals control millions of computers turning our futuristic superhighway into the wild, wild, west. Personally, nearly every PC I investigate is filled with worms, spyware, and adware. Antivirus software continues to be embarrassingly inaccurate against the newly created malware churned out each day. Distributed Denial of Service attacks still go on unabated and are very hard to defend against...[snip]
The future
Predicting the future of malware is actually pretty easy. All you have to do is look at the increasing trends and figure out what technologies and platforms will be hot in the next year or so. Hackers hack what is hot.
If Apple computers gain market share as I’m sure they will do in 2008, then you can expect more Mac malware. Mac malware is showing up in greater numbers, and Apple already has its hands full patching and re-patching the Mac OS, Quicktime, and other related software. Apple patched more than 200 vulnerabilities in 2007. If history is a good judge of future behavior, then Apple will suffer through a few widespread exploits in 2008.
Windows Vista will continue to be attacked and exploited. In 2007, the number of publicly known exploits of Vista was down compared to those of XP (as predicted by many observers), but the numbers weren’t down significantly enough to make anyone feel like they could compute in relative safety. It will be nice if the number of Microsoft Office-related exploits goes down. 2006 and 2007 were banner years for Microsoft Office exploits. [Disclosure: I work full-time for Microsoft]. Because of SDL, I expect exploits in XP, Vista, and Office to go down in 2008...
[snip]
Read his full article with a lot more predictions at:
http://www.infoworld.com/article/08/01/04/01OP-secadvise-technology-security-predictions-for-2008_1.html?source=NLC-SECADV&cgd=2008-01-07
