Blog

Virus Attacks: It’s Bad Out There and Getting Worse

Ara Trembly
Insurance Experts' Forum, December 10, 2009

My last blog entry about a particularly nasty virus attack on my business system prompted INN Editor-in-Chief Pat Speer to remark to me that things were getting pretty wild out there in cyberspace, and she could not be more correct. 

Virtually every Internet source I could find has documented increases in most kinds of malware over previous years, and predicted more doom and gloom for the years to come. But why should this be so? A whole new (and very profitable) industry has grown up around virus protection, and most of us are at least marginally aware that we need to do something to protect ourselves against intrusions, whether they be from disaffected pre-teens with nothing better to do, or from multi-national criminal syndicates who are making untold volumes of money by stealing information and often funneling the funds to terrorist organizations. 

Yet the problem continues to worsen and carriers, agents and brokers need to beware lest their customer data be compromised or stolen—a hellish nightmare in an industry that sells itself on trust. 

One reason this awful trend continues is that the bad guys and their products continue to be moving targets. Once upon a time, viruses were static pieces of software that, once recognized, could be easily dealt with. Today, however, malefactors don’t just build a virus program and keep using it, because once the virus is out there, software and security application vendors can get a look at it and develop a fix. Instead, just as with biological viruses, the bad guys continue to crank out mutations, or changes that will make the virus invisible to fixers and/or negate whatever efforts the good guys make to get rid of the offending apps. As a result, even though your anti-virus software will tell you that it has profiles on hundreds of thousands of viruses, it’s likely that the software doesn’t know about the newest variant just developed in Bulgaria, or some other far-flung place. 

Another reason is that the viruses themselves have been engineered to be more resistant to efforts to block or eliminate them. For example, the bug that attacked my systems kept hiding its own file names (or possibly changing them). Thus, tracking down the malicious files in order to delete and incinerate them became a true “cat and mouse game,” as Pat Speer called it. To make matters worse, it also did damage to one of my anti-virus programs, making it impossible for me to do a scan with that particular application. 

Yet another contributor to the increased success of malware attacks is that they are cleverly engineered to look like beneficial software. The malware that struck my system popped up out of nowhere and informed me that several evil-sounding bugs that posed a significant threat to my systems had infected my computer. The program used graphics that looked very much like Windows’ own security messages, and it is easy to imagine that many users would fall into the trap of downloading the “fix,” which is really more malware. 

I knew better, though; I wasn’t about to download any phony application. The problem, however, was that the virus went ahead and downloaded itself when I tried to close it out. When you think about it, there is virtually no way to defend yourself against such an attack short of sophisticated intrusion detection systems that are not widely installed. If experienced users can be victimized, how much worse will less seasoned users be hit? 

This is a losing battle, my friends, and unless the security industry steps up and starts marketing better intrusion and detection systems, it will only get worse. It could actually get to the point where larger enterprises will severely limit Internet access to a select number of computers or dumb terminals, which won’t be directly connected to the network. While that seems unthinkable given the way we do business in this day and age, we may in the end have no choice. 

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Customers for Life

Insurers once had a monopoly on lifetime customers, but technology has changed the game.

Smarter Tablet Use Could Transform Insurance

By reducing administrative tasks and automating paperwork, tablets can increase agentsí selling time and help them respond to customers in seconds, not hours.

Insurance Wake-Up Call: Embrace the Shared Economy Opportunities

SMA believes that insurers must embrace a "shared economy," crowdsourcing and open innovation to get ahead in the new marketplace.

The Lion and the Mouse: Start-ups Pitch to Top Insurer

Insurers should be on the lookout for innovative partnership arrangements that produce unique and valuable solutions.

Silicon Valley Ventures

A trip to area hotbed of technological innovation calls into question the potential viability of insurers' legacy systems, operations and processes.

Open Source Continues its March into the Enterprise

Insurers have a range of open-source options for running their businesses.