Over the past week or so, the Conficker worm has raised more than a few security questions. When will it appear? What will it do? How do you protect against it?
A new breed of virus, Conficker seemingly has the ability to infect computers by simply inhabiting a Web site or turning up in an e-mail inbox. Users were instructed to install an emergency patch released by Microsoft which would prevent the virus from exploiting the buffer overflow vulnerability.
But this new worm has brought the issue of how we deal with security to the forefront. Must we always have to come up with patches, fixes and other forms of reactive security to keep our computers safe? In a recent interview with security expert and Comodo security CEO, Melih Abdulhayoglu, an alternative form of security was brought to light: default-deny based systems. And although this white-listing form of security is not a new concept, recent security breaches and the rising number of identity theft cases force us to re-think the way we fight cyber-terrorism. Abdulhayoglu offers a possible solution to these growing security issues.
The Internet has changed the way we communicate, the way we do our jobs and, essentially, the way we live our lives. With so much of our personal and financial information online, security should be a top priority. And seeing as how in 2008, the revenue from Internet crimes surpassed revenue from drug trafficking crimes, it is evident that a very lucrative living can be made stealing this information.
Abdulhayoglu said we need to change the way we fight the war on Internet crime. "In the first World War, we fought war from the trenches. Today we have fighter jets dropping bombs. The way we engage in war in the physical world has evolved. In the online world, we are still fighting the malware war from the trenches. The way we fight the war needs to change."
He said the way to do this is by adopting a default-deny based system on a large scale. This multi-layered approach to security would almost completely eliminate the need for anti-virus software and never-ending security patches and fixes.
"Think about a house. Your first layer of security is a door, which is the prevention layer," said Abdulhayoglu. "Using the current default-allow system, anyone gets to come through the door unless they are on the 'black-list.' This is ineffective because new malware is popping up everyday and will not be identified (or put on the black-list) until it has caused damage. Using the default-deny system, no one gets to come through that door unless they are on the 'white-list'," he continued.
"The second layer of security is the burglar alarm, which is the detection layer. Most anti-virus systems have this layer of security, but will only ring the alarm if the burglar is one it recognizes. If it is a new burglar in town, he can go ahead and come right it," said Abdulhayoglu. "But combined with the prevention layer, detection is useful as a back-up tool."
"The last layer of security is the homeowner's insurance, or a patch or fix, which is the cure if all else fails," Abdulhayoglu said. "That is an example of a default-deny based security system. All we're doing is putting some doors in place and saying we'll only open those doors if [applications] are legitimate."
Abdulhayoglu claims that the inconveniences with the default-deny based system are minimal in exchange for increased security. The white-list database Comodo uses contains millions of approved Web sites and applications. If the Web site or application that is trying to be accessed is unknown, a dialog box
will appear asking the user if they would like to continue.
Another key to increasing security on the Internet using this method is to make it affordable for all. Abdulhayoglu said, "Security must be a right, not a luxury, otherwise it will not succeed." A version of his product is offered for free in effort to protect those who can't afford the cost of security software.
He plans to take his product to China where he hopes it will be widely adopted. "China is now the biggest Internet population in the world with nearly 180 million computer users. Many of these people cannot afford the extra money for security software. It is in our best interest to protect those machines so they don't fall into the wrong hands. Because if they do, it will be our (the U.S.) banks, our PCs, our electricity and our health care that will be attacked."
One of the benefits of the Internet is that it can connect people all over the world with a click of a mouse. It just so happens that, in terms of security, this may also be a downfall. "It is much easier for someone to do an online crime from the comfort of their bedroom than trying to smuggle drugs," said Abdulhayoglu. Cyber-crime is becoming a huge industry and unfortunately, our legal framework is struggling to catch up. "Many countries where these Internet crimes originate have no laws set up and they are not punishable."
