Reacting to Attacks Dooms Us to Failure

Going Proactive

I’m a big believer in layered security approaches, and this is a prime example of when we should be looking to add additional layers to our defenses.

I should also point out that I don’t claim to have all the answers. If I did, then I’d most certainly be working on bringing those products and technologies to the market! I will, of course, continue watching the market for product and technology solutions as new and improved versions hit the streets.

We’re likely to find some relief by revisiting the fundamental principles of secure computing. I expect that we’ll soon see, for example, more effective use of "separation of privileges" and "compartmentalization".

For example, email clients that can effectively "sandbox" attachments so they can’t do harm to the user’s computer might well help prevent or slow new viruses from spreading. That way, when the user inevitably clicks his mouse on an attachment that contains a new virus for which no signature exists, the virus doesn’t hop to all the user’s friends — or should I say ex-friends.

The Java Virtual Machine (JVM) is a great example of a sandbox architecture that protects the host computer from software that is run from within a JVM-enabled browser. It does this by starting with a policy for accessing local system resources, such as disk drives and network connections. Any Java applet running in the sandbox is prohibited from accessing resources that the policy file disallows.

Another possible approach to reducing the rapid spread of new malware could lie in better screening of incoming — and outgoing — email at the enterprise level.

Instead of continuing to use a blacklist approach that blocks emails containing attachments known to be bad, how about only accepting emails that are at least more likely to be good? That is, block emails containing attachments and require the recipient/sender to vouch for their validity before allowing them to pass. This could be automated to a large degree, but would no doubt result in additional effort.

But wouldn’t the additional effort be better than the status quo?
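One way the hold-and-vouch screening proposed above could be automated, shown here as an added example written for this column rather than code from the author: a minimal Python gateway that delivers attachment-free mail, holds anything carrying an attachment, and releases it only when a signed vouching token comes back. The gateway secret, addresses and sample messages are all constructed assumptions.

```python
import email
import hashlib
import hmac
import secrets
from email import policy
from email.message import EmailMessage


def has_attachment(msg):
    """True if any MIME part is flagged as an attachment or carries a filename."""
    return any(part.get_content_disposition() == "attachment" or part.get_filename()
               for part in msg.walk())


class AttachmentGate:
    """Holds every message with an attachment until someone vouches for it."""

    def __init__(self, key):
        self.key = key      # gateway secret (constructed) used to sign release tokens
        self.held = {}      # ticket -> raw message bytes awaiting a vouch

    def screen(self, raw):
        msg = email.message_from_bytes(raw, policy=policy.default)
        if not has_attachment(msg):
            return "deliver", None
        ticket = secrets.token_hex(8)
        # Bind the ticket to this exact message so a forged or reused token cannot release another one
        tag = hmac.new(self.key, ticket.encode() + hashlib.sha256(raw).digest(), "sha256").hexdigest()
        self.held[ticket] = raw
        return "hold", f"{ticket}.{tag}"

    def release(self, token):
        """Return the raw message for delivery if the vouching token is genuine, else None."""
        ticket, _, tag = token.partition(".")
        raw = self.held.get(ticket)
        if raw is None:
            return None
        expected = hmac.new(self.key, ticket.encode() + hashlib.sha256(raw).digest(), "sha256").hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None
        del self.held[ticket]   # a token releases a message exactly once
        return raw


def build(subject, body, attachment=None):
    """Construct a sample message (constructed test input, not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.com", "bob@example.com", subject
    m.set_content(body)
    if attachment is not None:
        m.add_attachment(attachment, maintype="application", subtype="octet-stream", filename="report.exe")
    return m.as_bytes()
```

The vouching step itself (a reply from the recipient or sender, or an out-of-band confirmation) is whatever the enterprise decides; the gate only guarantees that a held message cannot be released without the token it issued.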

In addition, we need the entire software development community focusing more heavily on issues of software security, from the earliest stages of a product’s design through its deployment, operation, and maintenance. The days of customers accepting products that contain easily avoidable flaws, such as buffer overflows, are over.

But that’s another column for another day.

Kenneth van Wyk, a 19-year veteran of IT security, is the principal consultant for KRvW Associates. The co-author of two security-related books, he has worked at CERT, as well as at the U.S. Department of Defense.

This column first appeared on eSecurity Planet.