- 10 open source companies to watch
- Mythbuster busts his own tale
- $208 million petascale computer gets green light
- Sony recalls 73,000 Vaio laptops
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
In its "Top Ten Security Predictions for 2008," McAfee foresees the growth of virtualization opening up a huge attack surface. On the good-news side, the security vendor expects there will be less adware on the Internet to worry about. McAfee's list comes in the wake of archrival Symantec this week predicting its top five security threats for next year. Craig Schmugar and Dave Marcus, researchers at McAfee’s Avert Labs, shared this list:
* Web 2.0. Web-based social-networking sites, hosted applications, wikis and the like are way ahead in function but behind in security, according to McAfee. Active sites will continue to be victims of crosssite scripting attacks and malware exploits.
* Botnets. These are going to be Artful Dodgers, following the style of the largest botnet around today, Storm, “which radically changes its methods over time,” Schmugar says. “Storm is a trend-setter. A lot of the spam we see is coming across Storm-compromised machines, including PDF and image spam.”
* Instant messaging/instant malware. On the horizon is a “self-executing IM worm,” Schmugar predicts. “The ingredients are coming together, more critical vulnerabilities
targeting IM clients.” Count on it.
* Online games. Password-stealing Trojans have emerged as a new type of threat to millions of game players. “Virtual objects in games are
worth money,” Schmugar notes. “It’s lower risk than targeting a bank.”
* Microsoft’s Vista software. Has it seemed fairly quiet on the security front since Microsoft shipped Vista last year? McAfee says that quiet period is coming to an end, now that the installed base is growing slowly to 10% of desktop operating systems. That’s the threshold at which a platform is targeted more aggressively, Marcus says.
* Decline of adware. “The government, such as the Federal Trade Commission, has been successful fighting against it,” Marcus says. “Advertisers don’t like the association with adware. Some of the programs we now see are considered Trojans.”
* Phishing. Attackers are not going just after the larger targets, such as PayPal and eBay, and the big banks. Phishing is now ubiquitous, hitting MySpace users and any online Web site imaginable.
* Parasitics. Though not a wholly new category of malware, parasitics — which look for a specific file on your system into which they embed themselves and then spread, rather than just make a copy of themselves — are having a renaissance. “We've seen a 400% increase in parasitics [such as] Philis in 2007,” Schmugar says. “Virut is active and Almanahe, which has a rootkit.” To combat an infection by parasitics, “you have to isolate the parasitic code within the host code,” he says. “If it overwrites the good code, you may never get it back. The parasitic outbreaks we’ve seen this year have been very distracting.”
Rss FeedRss Feed
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
The ROI and TCO Benefits of Data Deduplication for Data Protection in the EnterpriseThis paper examines and quantifies the costs and benefits of backup with deduplication storage as...
Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment