CIO Symmetry

A SearchCIO Small Business blog

» VIEW ALL POSTS Jun 5 2012   3:13PM GMT

Let’s not go overboard about Flame malware



Posted by: Scot Petersen
Tags:
cyberattacks
Flame
malware
Security

Similar to nuclear war scenarios, the most significant damage the recently discovered Flame malware will inflict comes from its fallout rather than from the initial blast.

The seriousness of Flame is real: Flame and the Duqu and Stuxnet malware are capable of attacking national critical infrastructure. The U.S. used Stuxnet against Iran’s nuclear program, which, given the many alternatives, seems like a pretty good idea. The same virus programs, however, could be used against any system that attackers wanted to target, including those in the U.S., and put millions of people at risk.

On the other hand, experts say there isn’t anything special about Flame and that it can be easily defended against with conventional security tools and policies. Microsoft this week revoked fraudulent certificates used by the Flame malware toolkit. Some experts say there is a bigger threat to businesses from application-level exploits by individual hackers than from the Flame-category cyberespionage attacks.

Two points are emerging in the wake of the discovery of Flame. One is (needless) panic; the second is a call for international treaties banning cyberwarfare. A big push for this is coming from Eugene Kaspersky, an influential security expert and founder of Russian antivirus company Kaspersky Labs, and the Russian government. Both entities are well populated with talented malware security experts, both legitimate and criminal.

As we have learned over the past decade, the best policy for security is openness. If we start making any kind of code or use of code illegal, we are going to have more problems than the threat of cyberattack. As the saying goes, if you outlaw guns, only outlaws will have guns.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: