I think the first problem is an increase in the number of bad guys out there looking to make money using malware. Unfortunately, there's not much we can do about that, so we have to focus on both proactive measures to prevent the infections and reactive measures to deal with the infections as they occur.
Why both? If we put in preventive measures, then why do we need reactive ones? It's simple. Security controls fail. Something will get through. As I've said before, when it comes to security, failure is inevitable so you must plan for it.
The recent testing by NSS Labs of anti-malware products for consumers and enterprises is pretty disheartening -- especially if you're one of those folks still clutching your antivirus under the covers and whispering to yourself that it's all going to be OK. It's not. Take off the blinders because the report clearly shows the products we are paying to protect our users are not completely effective.
Another factor I've seen recently is that malware is better adapting to the environments it's infecting. The groups I've seen with increased malware infections are in both the "everyone is an admin" and "everyone is a user" environments. While I'm still a big proponent of keeping your users as "Users" (and not "Power Users" and "Administrators"), that isn't helping as much. Malware authors have taken the tact that if they can't infect the entire system, then let's infect at least the user profile.
Rick Moy, president of NSS Labs, said it best: "With so many zero-hour attacks out there, you're going to need multiple layers of protection. Secure Web gateways, Microsoft User Account Control, and whitelisting are just a few of the accompanying layers that users should be looking into." Thanks, Rick. I couldn't have said it better. I'll be taking a deeper look at some of these technologies in upcoming blogs. Stay tuned.
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.