Posted by: Troy Tate
drive-by download, information security, information security awareness, infosec, malicious software, malware, security awareness
Last year the NY Times website had advertisements that served up some malicious content (Would you click if it showed on the NY Times website? – Really would you?). Now, in 2010, Dasient has released research about Q1’10 web-based malware and trends. This research is very scary and not surprising if you have been “in the wild” on the internet without the protections offered by an enterprise environment. The increase in malicious “anti-malvertising” alone has been significant in the past several months. What is a net-citizen supposed to do?
I proposed some options in 2009:
Should computers be “licensed” or “permitted” to be on the internet to reduce threats to unsuspecting users? That’s a thought for you… what governing body would issue these computer use permits? What would the rate infrastructure be like – based on processor/memory or bandwidth? Where would the permit fees go? Would there be some internet oversight body that uses the fees to have inline malware filters?
Would these still be valid options? I mean there is real money involved with the losses due to malicious software. Who is responsible for the loss? Is it the non-technical home user who does not keep their system updated because they do not know what to update? And if they do update it, how do they know the update source is credible? How many times have you gone to a website (think Facebook) and see that your Flash software needs updated? This is an example of a prime target for malvertisers. What would you suggest? Leave some feedback for me and other ITKE readers.
Thanks for reading and let’s continue to be good network citizens!