RSSSymantec: Internet Security Attacks Up
By David Worthington | Published March 21, 2005, 6:46 PM
Security vendor Symantec has published a bi-annual report that shows an increase in the number of Web attacks, severe and easy to exploit vulnerabilities, phishing scams and threats to Windows. According to the report, businesses are now averaging 13.6 security incidents per day, up from 10.6 earlier in the year.
Symantec analyzed trends in security risks and Internet attacks from July 1, 2004 to Dec. 31, 2004.
The report stated that there has been a 64 percent increase in Windows worms and viruses, and an average of 45 new remotely executed vulnerabilities per week. 97 percent of these attacks were considered to be moderately high or severe, and approximately 70 percent were easy to exploit without custom coding or with code that can be found in public forums.
The most common Internet attack was the Microsoft SQL Server Resolution Service Stack Overflow Attack, which has held that position for three reporting periods; the second most common was the TCP SYN Flood Denial of Service attack.
The report also said maliciously coded applications are becoming more frequently designed to obtain confidential information and there has been an increase of over 366 percent in phishing attempts reported by Symantec Brightmail AntiSpam filters. In addition, hackers are favoring attacks on Web applications because they can bypass perimeter security.
Symantec found that Trojans that steal confidential information accounted for 33 percent of the top 50 attacks. Symantec software is now blocking roughly 33 million phishing attempts per week, up from 9 million in July 2004.
Web applications were cited as a serious concern because of the potential that hackers could obtain personal information without breaking into any servers.
The time between the disclosure of vulnerabilities and the emergence of attacks has lessened, with malicious exploit code now being publicized within a timeframe of 6.4 days.
Symantec warns that malicious code will begin targeting mobile devices -- especially Bluetooth-enabled devices -- more frequently; 'bot' networks associated with criminal activity will expand; client-side attacks using viruses and worms to propagate will become more common; attacks will be embedded in audio and video images; and spyware and adware will continue to rise despite new laws seeking to curb the practice.
found a brick lying on the floor in my livingroom surrounded by shards of glass. Sure enough, someone had thrown it through my window. It had a note attached that read, "For bricks thrown through windows, call Symantec."
Score: 0
I found this link on this board, and posted my comment said, "Your joke sucked!"
Score: 0
Clearly a disgruntled Symantec employee... :)
Score: 0
DISABLE THE SERVICES YOU DON'T USE!!! Don't leave the server service running if you don't use it, turn off Telephony service if you use DSL and don't use a dial-up modem, and for God's sake disable that trojan downloader service known as Windows Messenger (msmsgs.exe). It is only included for backward compatability with NT 4.0; few people actually used it with Windows 2000 and fewer use it with XP.
Score: 0
Buy more symantec tools.
What else is Symantec going to release? A story about fairies and butterflies?
Score: 0
Of course.
Symantec is a technologically bankrupt company. Their AV has basically used the same hackneyed architecture since LANDesk was acquired by them and all they've done is glue more and more functionality onto it without doing a badly needed redesign. The result is lacklustre products like SAV 9, a demonstrable kludge and one that is about to be abandoned in favor of SAV 10, the next big thing with "malware threat detection working properly now".
So what's my point?
Simply this:
What do you do when your field is becoming ultra competitive and the OS vendor whose product yours runs on is going to start offering the same services for free? Well, to keep the faithful believing and spending money, you adopt the mantle of "Security Company" and publish reports guaranteed to inspire FUD. You puff your chest out and quote statistics to corroborate those dire warnings. In that report, you include statistics to show how good you are and why you're such a great "Security Vendor". What a great PR ploy!
As the man said, what did you expect? The tooth fairy?
Score: 0
Virus? I can safely say my computer is yet to be infected with a virus I didn't install and run myself (as many other n00bs can say). Generally users just have to learn about what programs should be running on their computer and monitor them manually. *sysinternals.com* has some great little programs for that.
Computers need to be more secure based on the OS, NOT some cheap 3rd rate 3rd party software that claims to be "ALL IN ONE" at updating.
Maybe Microsoft, Apple and Linux can make newbie friendly Operating Systems that aren't so open to hacking. By default many ARE secure but what's to stop someone downloading some unknown trojan that takes over their system? Nothing. Why does the average computer NEED full permissions on a computer that could potentially destroy hardware and data?
Developing a standard OS to meet EVERYONES requirements is just begging for features.
A desktop PC shouldn't be a file server (refer to WinXP).
Score: 0
What sort of report would a Managed Security Service provider be expected to release ?
ISS will do the same, Trend, Verisign et al. At least Symantec are in a better position & have more global coverage & therefore slightly better credibility than the 'me too brigade' listed above that will soon follow suit.
#include
Score: 0
Symantec have better credibility?
Only if you're a n00b to the genre (or management which means the same thing), which is who they're aiming that report at.
A better product?
You're kidding right?
avast! 4 Home Edition offers MUCH better protection for a lot less money if you're a consumer. I can't comment on their corporate stuff since I've never tried to manage it from an enterprise perspective. However, home users need not waste money ont he Symantec junk, wunnerful PR and flashy reports to the contrary.
Score: 0