List:       isn
Subject:    [ISN] U.S. Takes Anti-Virus Role
From:       William Knowles <wk () c4i ! org>
Date:       2004-01-29 10:32:56
Message-ID: Pine.LNX.4.44.0401290431200.16502-100000 () idle ! curiosity ! org

http://www.washingtonpost.com/wp-dyn/articles/A58255-2004Jan28.html

By Jonathan Krim and Mike Musgrove
Washington Post Staff Writers
January 29, 2004

The federal government yesterday announced a new, centralized system 
to alert the country to threats to computer systems, as a virulent 
worm continued to play havoc with e-mail around the world.

The alert system, announced by the cybersecurity division of the 
Department of Homeland Security, will be a clearinghouse of 
information on hacking, viruses, worms and cyberterrorism. It will 
also be a place for consumers to learn about their systems' 
vulnerabilities and how to fight computer crime.

"We are focused on making the threats and recommended actions easier 
for all computer users to understand, prioritize and act upon," said 
Amit Yoran, the director of the cybersecurity division.

The system was planned well before the latest computer worm began 
infecting machines on Monday.

Computer security firm Network Associates Inc. said that while the 
number of new occurrences of the worm, known as MyDoom, has leveled 
off, there is still a tide of MyDoom-bearing e-mails circulating 
around the Internet.

The worm disguises itself as e-mail that was not delivered properly, 
enticing recipients to open attachments that launch the malicious 
code.

One of Network Associates' major corporate clients was blocking 
infected e-mails at a rate of 160,000 an hour yesterday, said Craig 
Schmugar, a virus research manager at the company.

In addition to bogging down e-mail networks, the worm is scheduled to 
use infected computers to launch Web-based attacks on SCO Group Inc., 
a Utah company that claims to own the rights to some of the software 
code used in versions of the freely available operating system Linux.

Those attacks are scheduled to begin Sunday. A variant of the worm 
that appeared yesterday is scheduled to launch similar attacks against 
Microsoft Corp.'s Web site. Microsoft and SCO have licensed some of 
each other's technologies.

The variant also prevents infected computers from viewing the Web 
sites of many major anti-virus companies.

Like the original, yesterday's variant is programmed to avoid 
targeting e-mail addresses used by the government, military, the 
search site Google and some Web domain names associated with the
open-source software community.

"When the bomb goes off on [Sunday], that's when we're expecting to 
see some major issues," said Lloyd Taylor, vice president of 
technology and operations at Keynote Systems Inc., a Web performance 
monitoring firm.

The new federal alert system is intended to make the government the 
trusted source of computer-security information, which currently is 
disseminated by various corporate, research, government and 
quasi-public organizations.

Cyber-threats to national infrastructure, for example, were the 
responsibility of the old National Infrastructure Protection Center, 
which was under the FBI until the Homeland Security Department was 
formed.

Several companies and research institutions have Web sites with 
information on virus, worm and other threats, with many of them 
selling programming solutions to network operators to fend off 
particular attacks. Many firms sell consumers various products to 
protect their home systems while providing security information.

Some security experts questioned whether the alerts are the best first 
use of the newly formed cybersecurity division.

"Is the lack of information sharing the biggest problem?" said Mark D. 
Rasch, vice president of Solutionary Inc., a cybersecurity firm. "No."

But Yoran said it is important that such information come from a 
neutral source.

"The vendor community is focused on sales as well as on protecting 
their clients," said Yoran, who recently took over the division after 
working at Symantec Corp., which sells Norton anti-virus and other 
security products. "Coming from the U.S. government, the focus is 
solely on the public interest."

John Pescatore, a computer-security analyst for the research and 
consulting firm Gartner Inc., said it is especially important for 
consumers to have a place to go whose intent is not to sell products.

Unlike the wealth of information that is available for companies, 
"there's not a lot that is unfiltered for consumers," he said.

Computer users will be able to go to the division's Web site 
(www.us-cert.gov) for information and to sign up for regular 
newsletters and bulletins.

Alan Paller, head of the SANS Institute in Bethesda, a 
computer-security research facility, said he sees value in the 
government being the authority on identifying and tracking 
cyber-threats.

The model should be the National Weather Service, which collects 
primary weather data, Paller said. "Everyone else is an interpreter." 
With cybersecurity information, Paller said, "everyone is a collector. 
That model is wrong."

Because the government also has resources at the Defense Department 
and coordinates with industry groups that share data, Paller said, 
"they have access to data a little earlier. If they will tell people 
earlier, that will make a difference."

But Sen. Charles E. Schumer (D-N.Y.) said the effort was insufficient 
and potentially flawed.

"What DHS did . . . was essentially challenge computer hackers all 
over the world to put a virus into an e-mail that mimics the DHS 
e-mail warnings," Schumer said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.