List: isn
Subject: [ISN] U.S. Takes Anti-Virus Role
From: William Knowles <wk () c4i ! org>
Date: 2004-01-29 10:32:56
Message-ID: Pine.LNX.4.44.0401290431200.16502-100000 () idle ! curiosity ! org
http://www.washingtonpost.com/wp-dyn/articles/A58255-2004Jan28.html
By Jonathan Krim and Mike Musgrove
Washington Post Staff Writers
January 29, 2004
The federal government yesterday announced a new, centralized system
to alert the country to threats to computer systems, as a virulent
worm continued to play havoc with e-mail around the world.
The alert system, announced by the cybersecurity division of the
Department of Homeland Security, will be a clearinghouse of
information on hacking, viruses, worms and cyberterrorism. It will
also be a place for consumers to learn about their systems'
vulnerabilities and how to fight computer crime.
"We are focused on making the threats and recommended actions easier
for all computer users to understand, prioritize and act upon," said
Amit Yoran, the director of the cybersecurity division.
The system was planned well before the latest computer worm began
infecting machines on Monday.
Computer security firm Network Associates Inc. said that while the
number of new occurrences of the worm, known as MyDoom, has leveled
off, there is still a tide of MyDoom-bearing e-mails circulating
around the Internet.
The worm disguises itself as e-mail that was not delivered properly,
enticing recipients to open attachments that launch the malicious
code.
One of Network Associates' major corporate clients was blocking
infected e-mails at a rate of 160,000 an hour yesterday, said Craig
Schmugar, a virus research manager at the company.
In addition to bogging down e-mail networks, the worm is scheduled to
use infected computers to launch Web-based attacks on SCO Group Inc.,
a Utah company that claims to own the rights to some of the software
code used in versions of the freely available operating system Linux.
Those attacks are scheduled to begin Sunday. A variant of the worm
that appeared yesterday is scheduled to launch similar attacks against
Microsoft Corp.'s Web site. Microsoft and SCO have licensed some of
each other's technologies.
The variant also prevents infected computers from viewing the Web
sites of many major anti-virus companies.
Like the original, yesterday's variant is programmed to avoid
targeting e-mail addresses used by the government, military, the
search site Google and some Web domain names associated with
the open-source software community.
"When the bomb goes off on [Sunday], that's when we're expecting to
see some major issues," said Lloyd Taylor, vice president of
technology and operations at Keynote Systems Inc., a Web performance
monitoring firm.
The new federal alert system is intended to make the government the
trusted source of computer-security information, which currently is
disseminated by various corporate, research, government and
quasi-public organizations.
Cyber-threats to national infrastructure, for example, were the
responsibility of the old National Infrastructure Protection Center,
which was under the FBI until the Homeland Security Department was
formed.
Several companies and research institutions have Web sites with
information on virus, worm and other threats, with many of them
selling programming solutions to network operators to fend off
particular attacks. Many firms sell consumers various products to
protect their home systems while providing security information.
Some security experts questioned whether the alerts are the best first
use of the newly formed cybersecurity division.
"Is the lack of information sharing the biggest problem?" said Mark D.
Rasch, vice president of Solutionary Inc., a cybersecurity firm. "No."
But Yoran said it is important that such information come from a
neutral source.
"The vendor community is focused on sales as well as on protecting
their clients," said Yoran, who recently took over the division after
working at Symantec Corp., which sells Norton anti-virus and other
security products. "Coming from the U.S. government, the focus is
solely on the public interest."
John Pescatore, a computer-security analyst for the research and
consulting firm Gartner Inc., said it is especially important for
consumers to have a place to go whose intent is not to sell products.
Unlike the wealth of information that is available for companies,
"there's not a lot that is unfiltered for consumers," he said.
Computer users will be able to go to the division's Web site
(www.us-cert.gov) for information and to sign up for regular
newsletters and bulletins.
Alan Paller, head of the SANS Institute in Bethesda, a
computer-security research facility, said he sees value in the
government being the authority on identifying and tracking
cyber-threats.
The model should be the National Weather Service, which collects
primary weather data, Paller said. "Everyone else is an interpreter."
With cybersecurity information, Paller said, "everyone is a collector.
That model is wrong."
Because the government also has resources at the Defense Department
and coordinates with industry groups that share data, Paller said,
"they have access to data a little earlier. If they will tell people
earlier, that will make a difference."
But Sen. Charles E. Schumer (D-N.Y.) said the effort was insufficient
and potentially flawed.
"What DHS did . . . was essentially challenge computer hackers all
over the world to put a virus into an e-mail that mimics the DHS
e-mail warnings," Schumer said.
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.